Why is my deployment client showing as disabled and says splunkd needs to be...
I'm troubleshooting a deployment client and I've gotten stuck; Deploy server $ /splunk/bin/splunk --version Splunk 6.1.4 (build 233537) Note: This server deploys apps successfully to 125+ clients....
View ArticleIs there any history of the apps downloaded to my universal forwarders from...
Is there any history of the apps downloaded to my universal forwarders from my deployment server?
View ArticleCan someone help me to install and configure a universal forwarder on a...
I need to collect the security logs from the Windows 7 machine and add the data to Splunk Cloud. I am new to Splunk and am not familiar with the product. Thanks,
View ArticleHow to troubleshoot why a Windows Splunk universal forwarder is not starting...
Hi guys, My splunk universal forwarder is not starting on my Windows 7 workstation, when I attempt to start the service, I get the below error, Also, the splunkd logs only contain INFO, 10-05-2015...
View ArticleSplunk App for Stream: How to resolve congestion in parsing queue after...
Hello Stream experts, I'm doing a stress test with the streamfwd by capturing many short-live TCP traffics over 35000 cps. Splunk App for stream is running on a universal forwarder and sending the...
View ArticleHow to filter out a Windows Event Code if the event from a user repeats over...
I want to capture Windows Event Logs EventCode 4673 when it happens once for each user over a period of one hour. If a single user generates this Event Code 100 times in one hour I would like to record...
View ArticleForwarder not recursively indexing in 6.3. Works in 6.2.5. A bug?
I have multiple servers running a Splunk 6.2.5 universal forwarder and it is indexing recursively just fine from /var/log/... I just installed 6.3, using the exact same install script (very vanilla,...
View Articledelay forwarder ingesting file
I have a script that creates a file, thoguh the command that is run, has a very long output, and it takes about 20 seconds to build the input. This script is ran every 60 seconds, and I use crcSALT =...
View ArticleConfigure a index to filter inputs from forwarders
I have a universal forwarder monitoring log files that contain the line INFO [2015/10/13 10:50:00.193] C93| Closing call logging file D:\RT\CDR\C093.2015-10-13#10-45.csv. I obviously want to filter...
View ArticleDoes atime (file access time) need to be up-to-date for the universal...
Hi there, Would someone tell me if I can disable atime update for logs monitored by a universal forwarder? Even though atime is not being updated, can the forwarder correctly monitor and splunk the...
View ArticleIs it better to have Universal Forwarders on each server, or collect logs...
What would be the better solution: deploying Universal Forwarders to each server in the environment or collecting logs in a single place first and then sending them to the indexers. What would be the...
View ArticleInitially, props.conf line breaking works properly and extracts the...
We have a database log monitored input file that we are monitoring with a universal forwarder. We have a props.conf file at the indexer that is in place and breaks the event properly at first, but then...
View ArticleIs the Splunk 6.3 universal forwarder using 90% of your CPUs?
I'm not sure how long it has been happening, but I began to see it across our UFs today.
View ArticleHow to troubleshoot why a Windows universal forwarder can forward permon data...
Hi to all, I'm a newbie with Splunk this week, and trying to configure a forwarder in W2008 in order to forward event logs to Splunk Light 6.3 configured as an indexer in Centos. I've installed the...
View ArticleIs the Splunk Add-on for Nessus supported on Windows?
good morning I installed the universal forwarder on the Windows box, and the Splunk Add-on for Nessus. It doesn't work. Is the Splunk add-on for Nessus supported on Windows? This inputs.conf file isn't...
View ArticleWhat deployment apps subdirectory on a Linux Deployment Server do I need to...
I'm trying to follow the Splunk documentation to set up my Splunk Linux Deployment Server to update configuration files for my Windows servers using the Splunk Forwarder. Specifically, I would like to...
View ArticleWhat deployment-apps subdirectory do I need on a Linux Deployment Server to...
First, if this is a repeat question, I apologize. I tried to ask this question a short time ago, but cannot find it anywhere. The situation is this. I loaded the Splunk Windows Universal Forwarder,...
View ArticleHow to set hostname for the Splunk Windows Universal Forwarder
When I installed the Splunk Universal Forwarder for Windows, the inputs.conf file has the stanza; [default] host = I want to make the Splunk Forwarder directories on this server part of an image to...
View ArticleWhat are best practices for configuring a universal forwarder to ensure...
I have to set up a universal forwarder on a production log server to monitor events being written at 300 - 400 transactions per second and forward them to indexer pools. Each log event will be of...
View ArticleIs it recommended to use a Splunk 6.3 universal forwarder with a 6.2.X...
What is best practice / recommended when deploying universal forwarders relative to the splunk indexers / base install? Can I use a 6.3 forwarder with a 6.2.x base?
View Article