Is it possible to drop events at the source with a universal forwarder?
All, Just reading: http://blogs.splunk.com/2016/05/05/high-performance-syslogging-for-splunk-using-syslog-ng-part-1/?awesm=splk.it_x0t And it's mentioned that we can drop events at the source with the...
Is it possible to configure the universal forwarder to forward all Windows...
For some time now I have been using Splunk to log all the basic Windows event logs such as App, Security, Setup, System, and Forwarded Events, but I cannot find a simple way to grab all the...
Universal forwarder using 40-50% CPU and reports "(process) took longer than...
A Splunk Universal Forwarder has been using an unusual amount of CPU (between 40% and 50%), specifically by splunk-winevtlog.exe. Checking the splunkd.log shows this error occurring fairly constantly:...
How to configure a Splunk Universal forwarder on a remote system?
I've already installed the Splunk Universal Forwarder in my remote PC. I gave the Indexer the IP to receive the data from the remote machine and also configured the port in my indexer as 9997 default,...
After sending data from a universal forwarder > indexer > syslog, why do I...
We have 3 servers in our Environment 1) Syslog server 2) Splunk Universal Forwarder 3) Splunk Indexer To be done: Forward the data from Splunk Indexer to the Syslog Server Procedure: 1) we have...
What does Splunk do when one index in an indexer has reached maximum capacity?
Hi all, I'm currently having a problem with the storage in one of my indexers. Here's the brief summary of my condition: - 1 Search Head instance - 3 Indexer instances - Several Universal Forwarders,...
How to configure a Splunk 6.3.1 universal forwarder to prevent high CPU...
Hi, I have about 1500 Universal Forwarders installed in our environment. The UF version is 6.3.1 and installed on Windows computers. Recently, I mentioned that the splunkd process (which related to the...
For Splunk Enterprise, pre 6.3, default root certificates expire on July 21,...
Does the default root certificate expiration on July 21, 2016 affect the "universal forwarders" ? What is the expiration date of the new root certificate that we are asked to replace the July 21...
Is it possible to install the Splunk Support for Active Directory add-on on...
Hi, Is it possible or does it make sense to install the Splunk Support for Active Directory add-on on the domain controller with the universal forwarder? The topology is as follows: Domain Controller...
Why am I unable to start the splunkd process on an AIX universal forwarder?
Hi, I have recently installed the Universal Forwarder on an AIX node, and after configuration, when I tried to start the splunkd process, I could see the below error on the console. ![alt text][1] [1]:...
Splunk Add-on for Microsoft Windows: How to troubleshoot why Windows event...
I'm using Splunk Light as an indexer, Splunk Heavy Forwarder for filtering and forwarding, and the Splunk Universal Forwarder on a Windows 2012 machine (not on the domain) to test Windows events. I...
Should we upgrade our universal forwarders from 4.3 to 6.4? Why?
Hi, Can you please tell me if there is any valuable reason to upgrade forwarders from 4.3 to new versions (6.x)? We have just upgraded the indexer to 6.4. I know the minimum version for the forwarders...
Is it possible to have a custom REST endpoint that executes scripts on a...
Hi, Is it possible to have a custom REST endpoint that executes scripts on a universal forwarder?
How to configure props.conf to set the universal forwarder's server time as...
I'm trying to solve the following problem: in our client's environment, the clocks on different servers can vary greatly. We can easily have a server which is 3 hours behind on its system clock. And...
How do I edit my configurations to monitor Windows event logs using Splunk...
After 2 days of reading numerous help docs and watching tutorial videos, still not able to get Splunk Cloud monitoring a simple event log of my Windows test-pc. Installing and de-installing the...
How do I install a universal forwarder on Mac OS and configure data inputs?
It is getting installed, but I don't know how to import the data to my Splunk Enterprise. I can't find any proper GUI of the forwarder to import or deal with the log files.
Splunk Forwarder and Splunk Enterprise 6.4.1 on the same Windows Server 2012 R2
I have installed Splunk Enterprise 6.4.1 on a VMware Windows Server 2012 R2 instance. I am able to install the Splunk Universal forwarder specifying the same server as the receiver, but when I attempt...
Kafka Modular Input - Can it retrieve messages from channel if it has been...
We have deployed **kafka_ta** modular app on a Universal Forwarder and pointed to an indexer. It works perfectly fine. Meanwhile - while discussing about DR for universal forwarder - the following...
Forwarding logs to a third party system using a universal forwarder with...
Hi All, We are sending logs to a third party system. And in the inputs.conf monitor stanza, we have set: sendCookedData = false sourcetype = errorlogs index = logs_index **sendCookedData = false**...
How to configure a universal forwarder to send data coming from certain...
Dear All, I have a question on Splunk Universal Forwarder. Requirement: We have certain unique application servers where they would be sending data to the universal forwarder on port 9997. However,...