Why is Splunk 6.2.2 unable to search logs from my Linux server with the...
Hello, I am having an issue with logs coming into my instance of Splunk Enterprise (version 6.2.2) through a Linux server with the universal forwarder installed. I have the server properly whitelisted...
Why am I unable to index contents of a text file being monitored by universal...
Hi, We are trying to get DNS logs into Splunk. Logs are generated in a .txt file and the goal is to use Splunk Forwarder to parse and Index these. After creating the `[monitor: .. ]` stanza under...
How do I monitor Forwarded Events logs on Windows?
I'm trying to monitor Forwarded Events logs on Windows (not application, system, etc.)? My inputs.conf stanza looks like this: [WinEventLog://Forwarded Events] Doesn't seem to work. Anyone had success...
Can you configure the Universal Forwarder on NIX (syslog) to send some logs...
We have a syslog server where there are many logs going to the indexer. Can we configure the Linux Universal Forwarder to send some files to the indexer and others to the Heavy Forwarder to be post...
Issue with CSV File monitoring on Universal Forwarder
**Splunk Version 6.3.4** We are monitoring a csv file with same name which gets overwritten/updated in every 30 minutes. The issue seems to be intermittent i.e. it picks up the file sometime &...
How to change the truncating limit in the props.conf file for a scripted...
**I have in the input.conf as an example a scripted input on the server where the Splunk Universal Forwarder is installed** [script://.\bin\LongRunningQueriesRpt.path] interval=*/1 * * * 1-5 disabled =...
Is there a version of the universal forwarder that is compatible with Windows...
Is there a version of the universal forwarder that can be used or is compatible with Windows Server 2016?
Is there a version of Splunk Universal Forwarder that is compatible with NT4?
Hi folks, You'll have to excuse my memory lapse here - Splunk forwarder on NT4, installation of - I recall getting an old version of the forwarder to install on NT4 some time back, but the version is...
Why do I find duplicate log files after installing Splunk Universal Forwarder...
We installed the Splunk Universal Forwarder msiexec.exe /i splunkforwarder.msi DEPLOYMENT_SERVER="xxx.xx.xx.xx:8089" AGREETOLICENSE=Yes MONITOR_PATH="D:\MS_Logs\Events\" /quiet with the above command...
Certificate Renewal Process
Hello All, We are planning to renew certificates for our universal forwarders with pre 6.3 version, and all these forwarders are windows servers 2000,2003 & 2008. We have renew script which is...
universal forwarder trying to parse the data
I have a UF monitoring a couple of files on a AIX box. The UF is forwarding the data to a HF, I verified this in outputs.conf. There are no props.conf present for that input on the UF, only at the HF,...
After pushing updates to inputs.conf and outputs.conf to the UF, it is not...
I pushed updates to inputs.conf and outputs.conf to the universal forwarder. But it is not forwarding data to the indexers. How can I fix?
Splunk unable to fetch Windows Security eventlogs
We have a Windows Universal Forwarder installed as service-user (svcSplunk) with read access to ALL eventlogs. (Windows 2008R2) We are getting all eventlogs except "Security" evlogs. We are struggling...
Forwarder for Linux ARM (Raspberry Pi): Why am I receiving "No scripts found...
Hi. I'm relatively new to Splunk & I am running a Mac, Raspberry is running Raspbian. I've installed the Forwarder for Linux ARM (Raspberry Pi) add-on https://splunkbase.splunk.com/app/1611/ to...
Remote Windows Registry Monitoring - Baseline Interval not being honored
Hello I have looked through various splunk answers and could not find an answer specific to my question so I hope this is not a duplicate, if it is please direct me to the appropriate post. We are...
Stress Test on JMS Modular Input TA and UF
We are having a stress test done on JMS Modular Input TA and UF. Could you pl give us pointers to having the number of instances increased on both JMS TA and UF to scale it up in case the need arises....
Why am I unable to start Splunk Universal Forwarder after installing on...
Got the universal forwarder installed on my Isilon. (/opt/Splunk/splunkforwarder/) Trying to follow the directions to start the service up but it's not working. I'm not a Linux guy... ktfs01-2# cd...
universal forwarder delay - 8 minutes
Any ideas why I am seeing an 8 minute delay in the UF -> Index data? The UF is monitoring a logfile that is consistently generating realtime data. When I view the index from my SH, I am unable to...
Splunk Universal Forwarder for "WindowsStorageServer2012R2"
Can Splunk Universal Forwarder be installed on WindowsStorageServer2012R2? Is Installer for WindowsStorageServer different from installer for WindowsServer?
How to configure a new Linux Splunk indexer/search head to receive data from...
Hello , I am trying to configure a new Splunk server (search head/indexer, have one). Currently have installed the forwarder with a different server name which is being decommissioned, and now need to...