Why does introspection on a Splunk 6.3.3 AIX universal forwarder not give...
Hi. After having enabled introspection_generator_addon on a Universal Forwarder on AIX, I get data for partion and FishBucket, but not on Perprocess, Hostwide, or Dispatch. My Universal Forwarder is...
View ArticleWhy is my universal forwarder on Windows server 2012 R2 not collecting log...
I have a monitor that that isn't working. I turned debug on in log.cfg, and the Universal Forwarder reports no match on whitelist. The following has been tried: [monitor://E:\Program Files\Microsoft...
View ArticleHow do I configure a universal forwarder to send data to the Splunk Cloud...
Hi, I recently started using the Splunk Cloud free trial. I installed a universal forwarder locally and authorized it with the credential downloaded from Splunk Cloud. I don't see any option in the...
View ArticleUniversal Forwarder has not removed itself from the DMC
I have had a host go down in aws that was not recoverable a few weeks ago and the universal forwarder is still showing as missing in the "distributed management console". Does anyone know how to force...
View ArticleWhy am I unable to disable a Deployment Client using a "splunk" user account?
Hello Guys, I have installed a Splunk Universal Forwarder in my environment and set the deployment server. I also have an account named "splunk" which owns /opt/splunkforwarder. However, if I sudo to...
View ArticleI don't want to monitor or forward the Apache log files to Splunk server...
sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/apache2 -index main -sourcetype Apache2 I don't want to monitor or forward the Apache log files from the Universal Forwarder to the Splunk...
View ArticleHow to troubleshoot why a universal forwarder is forwarding duplicate events...
We are processing CSV files to index in Splunk, but the Splunk forwarder is always forwarding files twice. Can you please guide us how to avoid this duplicate indexing? If we keep low number of files...
View ArticleHow to troubleshoot why a universal forwarder is not forwarding data to...
Hi All, **Universal Forwarder** -I got my splunk cloud free trial login -Downloaded the universal forwarder app -installed the app by using the credential downloaded as spl file. -I added a particular...
View ArticleHow to edit my configuration to collect Windows event logs with a universal...
Yes, this question has been asked a hundred times. I have looked at all of the examples, but my grasp of the different conf files and their interactions is lacking. First: I have a Windows device. It...
View ArticleSplunk App for Stream: How to enable payload data extraction on Universal...
I have installed Splunk App for Stream on the Search head and Splunk TA stream on Universal forwarder. Also installed Splunk TA stream on the Indexer. Now I need to extract the payload data also. I am...
View ArticleWhere Is Timezone Offset Information on Universal Forwarder?
Trying to determine why some of my forwarders sending in data from Windows virtual desktop instances are having their data offset at the indexer and others are not. I know the documentation says that...
View ArticleWhy are Spool Mail contents only shown partially in Splunk?
We have set up a Splunk monitor for getting contents of `/var/spool/mail/root` to Splunk. We are running a Splunk 6.2.8 Universal Forwarder on all the Linux hosts and the Splunk Enterprise version on...
View ArticleWhy am I getting "Login failed" trying to add a Splunk universal forwarder?
I am using Splunk Enterprise (Amazon Market Place AMI) I have added Forwarding receiving port 9997 Installed universal forwarder and adding the forwarder to server failed: xx.xx.xxx.xx is my serverIP...
View ArticleHow do I fix a large amount of duplicate events that are locking out my...
I've been tasked with installing Splunk Cloud on our hosted Windows environment, and I'm running into issues getting all of the forwarding working properly. I have two Universal Forwarders sending data...
View ArticleHow to edit local a universal forwarder configuration that was pushed via...
I use my deployment server to deploy the Splunk Add-on for Microsoft Windows to Universal Forwarders. Splunk_TA_windows/ ├── default │ └── inputs.conf #unchanged defaults ├── local │ └──...
View ArticleDo we need to install a universal forwarder on our MySQL machine, or only...
Hi :) I have read Splunk MySql docs, but I have a question: Do we have to install a universal forwarder on the MySQL machine to get MySQL general and error logs? or just only install add-on on the...
View ArticleHow to configure a universal forwarder to send data to a specific index on...
Hi, I'm trying to send data to a specific index on our Splunk Cloud instance I've tried several methods found in answers.splunk.com but still with no apparent success. What I've tried:...
View ArticleHow to troubleshoot why universal forwarders are reporting "Could not send...
I'm getting this message below on Universal Forwarders' splunkd.log... INFO BatchReader - Could not send data to output queue (parsingQueue), retrying... INFO TailingProcessor - Could not send data to...
View ArticleWhy is one universal forwarder reporting "Error writing to...
I did see this error in splunkd.log on one of the Universal Forwarders... 04-13-2016 19:42:38.555 -0500 ERROR Logger - Error writing to "/opt/app/splunkforwarder/var/log/splunk/metrics.log": No space...
View ArticleHow to add Cisco devices to the Cisco Networks App for Splunk Enterprise?
I have Cisco logs coming into my syslog-ng server, and I added the log file on a universal forwarder to monitor and send to a Splunk server. How do I check whether or not data is being dumped into the...
View Article