How to blacklist a single source path on a universal forwarder?
I have the monitor stanza on one of my Universal Forwarders.....I tried to blacklist a particular JVM from which the logs are not required to be monitored. Any help would be appreciated on this....
Why am I getting error "Failed to delete the non-existent input. Remote...
I'm new to Splunk. I get the above error when trying to remove Event log collection inputs (from a forwarder) under settings-Data Inputs-Forwarded Inputs-Windows Event Logs. I no longer want to collect...
Which version of splunkforwarder will support parsing like routing to nullQueue?
Word on the street is that the Universal Forwarder may be doing parsing in the near future if not now.
What are best practices using a deployment server to deploy multiple...
Hello, Let's say I have several kind of Windows Servers: - IIS servers - SQL Servers - etc. For each of them: 1. I want to collect a common set of data (application/system event logs, CPU/memory...
How to blacklist a Universal Forwarder?
This should be relatively simple, but I cannot find discussion or documentation on it. I suspect that Splunk assumes if a universal forwarder is installed, the data is wanted. The problem is that there...
How to troubleshoot why a 6.4.1 universal forwarder on a Windows 2012 domain...
I installed a universal forwarder 6.4.1 on a Windows 2012 domain controller using a local system account. The security logs are forwarded as expected. However, the Active Directory data like object...
Setting up a universal forwarder and receiver to forward _internal logs, why...
Hi, I want to forward metrics and splunkd logs with /apps/**SplunkUniversalForwarder** app to my indexer via TCP 9997 port to manage forwarder, but there are some ERRORs. There are problems connecting...
Why is our 6.4.1 Windows universal forwarder not appearing in the list of hosts?
Good afternoon, I'm testing out Splunk. I have installed Splunk Light on a VM, and installed a few forwarders. The first few machines were 2003, so I installed an older forwarding agent (6.1.10). That...
Why am I unable to use token authentication on a universal forwarder
Hello the Splunk community I'm trying to use the token authentication between an indexer and a universal forwarder. All seems to be good on my indexer, but the UF doesn't seem to understand the...
How do I force a universal forwarder to reindex all its inputs?
All, Is there a way to make a Universal Forwarder reindex all its inputs? thanks -Daniel
What is the relationship between Splunk Enterprise and the Universal Forwarder?
I want to know the two relations between the universal forwarder and Splunk Enterprise.
How do I troubleshoot Splunk Universal Forwarder communication issues?
I'm facing 1 issue when trying to install a Splunk universal forwarder in one of my job sites. Every time when I change its connection to 127.0.0.1 51112, it will fail after 3 minutes of waiting and reset...
How to find if a server has a universal forwarder installed, where it is...
Hi everyone, I am new to Splunk. One of the servers is not sending the logs. So how can I know that a Splunk Universal Forwarder is installed on that server? Secondly, if a UF is installed, then...
AMQP Messaging Modular Input: How do we configure a RabbitMQ server with a...
We are testing out an implementation of Splunk. We are trying to have our logs flow from an internally hosted server to a RabbitMQ server to Splunk. i.e. Universal Forwarder > RabbitMQ > Splunk...
How to send different inputs to different indexers?
We are doing some integration with an outside service provider that already has a Splunk Universal Forwarder deployed on a server that they have dedicated to us. It is collecting some information, and...
How to set up a universal forwarder for AS400 (iSeries) to send data to a...
We offer a third party solution (Alliance LogAgent) that sends IBM i security events in syslog format to Splunk in real time. It works great for in-house deployments, but we have prospective customers...
Why is universal forwarder installation failing with error "Could not bind to...
Installing universal forwarder is failing because it cannot bind to TCP 8089. My understanding of TCP communications is this: Client reaches out to destination server via a dynamic TCP Port to a...
Forwarding a log that's constantly updating, how to prevent indexing...
Hi, We are currently monitoring a log file that tracks available time and unavailable time using the universal forwarder. The issue that we are running into is that we are getting duplicate events...
Can I use the Microsoft Cert Store for Universal Forwarder SSL Communication?
I am working on getting Splunk secured with certificates. We have a requirement to ensure the integrity of our audit logs as they are transported to Splunk. This would mean that I need to use SSL/TLS...
Is there documentation on forwarder behavior for various types of inputs when...
Now this could be a case of RTFM, but I can't find this in TFM :) I am trying to find some documentation on what the Universal Forwarder does when it can't connect to an indexer for various scenarios....