Why is the Splunk Add-on for Blue Coat ProxySG unable to ingest .gz files and...
It appears the BlueCoat TA is unable to ingest .gz files - even when it is zipped by the Blue Coat proxy itself. Attempting to ingest them actually causes the entire forwarder to crash. I've attempted...
What is the best strategy to discard all temporary data while testing on some...
We have a clustered environment that includes heavy forwarders, universal forwarders, and forwarders under Windows. The development team sometimes do performance tests and these generate a lot of data...
Is there a Splunk Universal Forwarder 6.1.10 for AIX 5.3?
I see you have Splunk 6.1.10 for AIX 5.3, does SplunkForwarder 6.1.10 exist? Trying to close the DROWN security vulnerability.
How to troubleshoot why a Windows universal forwarder is sending metrics, but...
Here's my setup: I have three clustered indexers, two search heads, a deployment server, as well as several Heavy Forwarders (three Windows and three Linux). I've been collecting Windows logs remotely...
Why are universal forwarders reporting "File will not be read, seekptr...
We're getting bunch of these exceptions on our Universal Forwarders...any help would be appreciated and I can provide more info if needed... 1) `ERROR TailReader -File will not be read, seekptr...
After installing NMON Performance Monitor for Unix and Linux Systems on Linux...
First of all, this is a great app, thank you! This is version 1.6.15, according to the home screen of the nmon app. When I install the TA on a Universal Forwarder and reboot, I'm presented with the...
Is there any reason to use Perfmon over WMI on a universal forwarder when...
Is there any reason to use Perfmon over WMI on a Universal Forwarder when monitoring local data? Perfmon gets its data from WMI anyways, so why add the extra step of using Perfmon when you can just...
Windows scripted input using output from splunk openssl command?
Does anyone have a nice windows scripted input that will output the local certificate end date? ie. something like inputs.conf [script://.\bin\ssl_check.bat] disabled = false index = ssl_check interval...
NMON Performance Monitor for Unix and Linux Systems: Not receiving nmon_data...
I've deployed TA-nmon to 6.3.1 universal forwarders, and am seeing nmon_collect data from those hosts, but nothing else. Was I supposed to tweak a setting in the TA-nmon config? I didn't see that...
What is the difference between the current_size_kb vs current_size in...
Hello, I don't quite understand the difference between the current_size_kb value and current_size value in the metrics.log for a Universal Forwarder. This is for the parsingqueue, as I am getting the...
Limiting fields being forwarded from Active Directory
I am trying to use a Universal Forwarder to access Active Directory and I only want certain User information (displayName, samAccountName and email). How can I limit which data the Universal Forwarder...
How to troubleshoot why a Universal Forwarder is not sending data to the...
I installed a Splunk Universal Forwarder on a Windows Server 2012R2 using following command: msiexec.exe /i splunkforwarder-6.3.2-aaff59bb082c-x64-release.msi LOGON_USERNAME="domain\account"...
What happens if I restart the universal forwarder while it is processing a file?
Here's my setup: 1 search head, 4 indexers, 1 universal forwarder The UF is trying to index a large file (2G), I'm seeing the "Current data throughput (256kb/s) has reached maxKBps. AS a result data...
Why are Windows event logs not being forwarded to the specified index with my...
I have a universal forwarder installed on my Windows server. I am trying to send Event Logs with certain Event Types to the Indexer server. In addition to that, I am sending files stored in my server...
Is there a limit we can increase to permit more than 500 established...
We run Windows indexers here and we have around 2000 Universal Forwarders connecting to 6 indexers. When I look at the established splunktcp://9997 connections on the indexers, none of them show more...
I have a Windows universal forwarder showing connection in netstat to my...
I have a Windows universal forwarder showing connection in netstat to my Splunk Enterprise receiver, but Forwarder Instance shows no results in the drop-down. Help
Is anyone else getting "Splunk could not get the description..." after a...
Not so much a question, but an observation looking for confirmation. If true, looking to spread the word. Recently our Windows Security event alerts for group changes have been blank. The event log...
How to streamline deployment of the universal forwarder across three domains...
Looking at ways to streamline deployment of the universal forwarder agent across three domains consisting of both Linux and Windows. We use satellite for Linux which takes care of all of the Linux...
How to configure a universal forwarder on a syslog server to monitor logs in...
I am interested in configuring a universal forwarder on a syslog server, and have a question regarding how the log data is currently being written. There are multiple sources which forward log data to...
What is the exact Raspberry Pi (Debian) CLI command to download the Universal...
Sorry... total numbnut here... not much experience with *nix commands I'm sorry. I want to download the Universal Forwarder directly onto the pi via PuTTY SSH session. Do I use `wget` or `apt-get`......