Whitelist regex in Windows Universal Forwarder doesn't work
Hello. I need to monitor events with EventCode="4656" on Windows server. But only events with string "ObjectType: File" in Message. **inputs.conf** Blacklist1 = EventCode="4656"...
How to configure a universal forwarder to monitor a log file in a certain...
Hi, I have configured a Windows universal forwarder on one of my Windows servers. I do not want any of the event logs or performance monitoring on this machine, so I did not select any of that while...
How to configure a Splunk universal forwarder on Microsoft Active Directory...
Hello I am currently working on integrating Microsoft Active Directory servers with the Splunk Linux instance (Search and Indexer in one box). The universal forwarder agent will be installed in AD...
Universal forwarder error: ImportError:...
Hi, I have installed Universal Forwarder version 6.4.2, and using the scripted inputs to retrieve data. When restarted splunk, Splunk reads the inputs.conf file to execute the Python Script. But I am...
How can I download Universal Forwarder Credentials?
The link doesn't seem to work: /en-US/dj/splunkclouduf/ufpackage Returns with 404. Any recommendations? Thanks, Tibor
Universal forwarder consuming 100% CPU. "WARN TimeoutHeap - Either time...
Splunk consumes 100% of the CPU. Installed version is 6.4. Splunk log: 07-13-2016 19:18:11.904 -0500 WARN TimeoutHeap - Either time adjusted forwards by, or event loop was descheduled for 490844ms....
Does a universal forwarder's persistent queue exist after a reboot?
According to this document: http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/Usepersistentqueues> The in-memory data can get lost if a crash occurs. Similarly, data that is in the parsing or...
Is there any risk in load balancing universal forwarder to an intermediate...
Hello! Our setup consists of Universal Forwarders sending logs through a load balancer to Intermediate Forwarders then they end up in our indexers. The Intermediate forwarders send logs directly to the...
Splunk App for Stream: How to configure app to monitor HTTPS over port 443
Hello, I am having issues monitoring wire traffic on port 443 (HTTPS). I am successfully monitoring on port 80 (HTTP), however I am unsure of the additional configurations needed for HTTPS to work...
How to configure the Splunk Add-on for Microsoft Windows to monitor Services...
Hi, In Event Viewer, I have a Proof Point needed for Windows 8.1, Windows 10, Event Viewer, Application and Services, Microsoft Windows NetworkProfile/Operational Logs. Unfortunately, nothing is...
How to edit my inputs.conf on a Windows universal forwarder to forward...
Hi all, I'm new to Splunk and I'm having a problem getting the Universal Forwarder on Windows to forward Microsoft NPS/IAS logs to my Linux-based indexer server. I successfully have DHCP logs being...
How to collect Windows event logs that are not from .evtx or .evt files?
I'm trying to collect Windows events. Specifically, I'm trying to collect: \\Applications and Service Logs\Microsoft\Windows\WLAN-AutoConfig\Operational \\Applications and Service...
Powershell Input Log File "splunk-powershell.ps1.log" gets very large and...
As part of the new Powershell modular input, Splunk will execute Powershell scripts through its own built-in controls and functions. This ultimately will call "splunk-powershell.exe" which in turn...
Splunk Universal Forwarder monitoring NFS share misses log rotation
Background on layout "NFS Share" - Central network storage for logs "Source server" - Solaris zone running a JVM writing logs to the mounted "NFS Share" "Indexing" - Solaris zone running Splunk...
Is there a 6.2.x or later version of the universal forwarder supported for...
Hi, I have Splunk 6.2. I need to know if there is a universal forwarder for Windows Server 2003 in 6.2 or later. Thank you
How to forward logs from a local data center to a Splunk Enterprise Indexer...
I have been trying at this for a couple of weeks now with no luck. We have a Splunk Enterprise setup in AWS with a search head, 2 indexers, and an auto-scaled group of forwarders for cloud watch log...
How to uninstall Splunk Universal Forwarder from Linux
I have installed the universal forwarder on a Linux machine. How can I uninstall it? I installed the forwarder just by using `tar` and `splunk install app...`. I saw this [question][1]...
How to configure Splunk to break my sample log data into separate events, not...
Hi, I have the below log data: 16:37:56.875 [[ACTIVE] ExecuteThread: '4' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG splunk - {'externalRefId':'exr654321','message':'input:...
How to limit the amount of data that a splunk universal forwarder sends to...
Hi there I am using Splunk Enterprise for security purposes... But there is a lot of extraneous data in my Splunk at the moment. Looking through the dashboards I am finding a lot of performance and...
Where can I find the file hash for the universal forwarder install?
Is the hash of the splunk universal forwarder install file available? I found the MD5 hash of the splunk enterprise installer, but cannot find a similar link when downloading the UF.