Has anyone compared the performance and resource usage on a universal...
All, I have a couple small use cases where a full install of Splunk with the GUI disabled might be better than using a Universal Forwarder. And honestly, just curious. 1) Mainly some props...
How to assess improvement in network utilization after turning on compression...
Hi, I'm wanting to assess the improvement in network utilization after turning on compression. Is there any search of the internal index or metrics that are collected that can allow me to assess the...
What is recommended to get a Splunk universal forwarder to pick up data after...
Customer has many SQL Server clusters that are using Windows Failover Clustering. Splunk is installed at the node-level (so if there are 4 physical servers, Splunk is installed 4 times). When an...
Universal forwarder evtx fields extraction?
Hi, I am using SplunkUniversalForwarder to forward exported evtx files on a Windows 7 machine to an Enterprise instance running on an Ubuntu server. On the Ubuntu server not all fields extracted in...
How to tell if Splunk universal forwarder performance is keeping up and...
Hi, I've been troubleshooting a problem where files are occasionally getting missed in Splunk. The app creates a lot of files and a lot of data - they roll over at 50mb, about every 1-2 minutes. Just...
After installing a Splunk 6.4 universal forwarder, why are events indexed...
After an initial installation of the Universal Forwarder (6.4.0), I immediately changed the hostname values to use the FQDN: ./splunk set servername myserver.domain.com ./splunk set default-hostname...
Trying to upgrade Windows universal forwarders from Splunk 5.0.3 to 6.4, why...
I am trying to upgrade the collectors on a few Windows Servers because I had a security come back saying my version had some issues. The readme in program files says I have Splunk 5.0.3. I am trying to...
Installing a universal forwarder from the PowerShell command line on Windows,...
I am trying to install the Splunk Universal Forwarder from the PowerShell command-line on Windows Server 2012 R2 and am having difficulties when I add in the options for SSL certs and the password. My...
How to configure inputs.conf for kafka modular input module on a universal...
This is the info related to kafka. KAFKA_SERVER_NODES=server1,server2 KAFKA_SERVER_PORT=9520 KAFKA_TOPIC=dev Partitions = node1 node2
How can I access the logs which are available in a MySQL database on a remote...
How can I access the logs which are available in a MySQL database on my remote server? Hi, I have two servers, i.e., Server1 and Server2. In Server1, I have installed Splunk Light Linux version and...
Universal forwarder on Windows: installation directory must be on a local...
I've installed the universal forwarder on two of my domain controllers without issue. For some reason, on the remaining two, I'm getting the following error on the screen where you specify install...
Should we install universal forwarders at each of our branch locations to...
We are looking at leveraging Splunk Cloud and we have branch locations all over the country in which we will need to forward logs into the Splunk Cloud. Do you recommend that we install Universal...
How to pull logs using WMI with a Splunk universal forwarder?
In reference to the following link: https://answers.splunk.com/answers/26743/can-i-index-wmi-from-a-splunk-instance-running-on-linux.html I want to know how to pull logs using WMI by Splunk...
ArcSight integration: Why does a connector with a universal forwarder...
Background: Externally-hosted server infrastructure feeds event data to the MSP's ArcSight implementation as a non-negotiable part of their service offering - you give them systems to manage, their...
Why is one of my universal forwarders trying to contact the deployment server...
Hi, I have a configuration where many Universal Forwarders are managed by a Deployment Server. Today I installed a new UF on a Windows machine, and I have several problems: - in the internal log I see...
What configuration file do I need to edit on a Windows universal forwarder to...
Brand new to Splunk. Installed the universal forwarder on a Windows Server and see the logs populating on my Splunk Light server. I want to re-configure the forwarder to not include performance...
Why is one of our hosts down and we are getting these errors in splunkd.log?
Hi, We have noticed one of our hosts (search head) is down and got an alert that a universal forwarder is not responding. Then we noticed this error below in our splunkd logs at that particular moment...
Why am I unable to create a Windows event log input and get error "No...
I have installed a universal forwarder on a Windows server, choosing to forward some of the Windows event logs, and then installed the credentials using the following command: C:\Program...
Is there a Splunk Universal Forwarder version for HP-UX 11.00?
Hi, I have a few HP UX version 11.00 servers that I need logs sent to Splunk. I have successfully installed the forwarder on HP UX 11.23, but I do not see a version for 11.00. Can someone confirm? How...