I installed a universal forwarder on a Windows, but why do I not see this...
I have Installed a Splunk universal forwarder on a Windows host and started the services. But while adding the data under "Add data" in my Splunk app, I am not able to see the installed Windows machine...
View ArticleWhy are multiple host names being reported for the same host?
'Morning... I have a v6.5, clustered environment (deployment server), Universal Forwarder on all hosts. I am getting several Linux systems reporting in with two names, shortname and FQDN. But not all...
View ArticleHow to install the Monitoring of Java Virtual Machines on a Universal Forwarder?
Hi All, We planned to install the SPLUNK4JMX in the universal forwarder so that it runs the app in the local machine of the universal forwarder (UF) and sends the data to the indexer. The reason for...
View ArticleIs there a comparison of CPU consumption of HF and UF?
hi all, I want to use splunk heavy forwarder in my company but i wonder that what does it cost me to use HF? Is there any test or something like that about cpu, IO consuming etc. ?
View ArticleIs there a test to compare CPU and memory consumption of a heavy forwarder...
hi all, I want to use a Splunk heavy forwarder in my company, but I wonder that what does it cost me to use a HF? Is there any test or something like that about cpu, IO consuming etc. ?
View ArticleHow to create a golden image of Windows 2008R2 with a Splunk universal...
Hello, I am trying to create a golden image of Windows 2008r2 with a Splunk forwarder on it. I tried running the command `SplunkUniversalForwarder\bin\splunk cone-prep-clear-config`, but I got an error...
View ArticleWhy do special characters "[0[0m" appear in my events?
Hi I deploy Splunk forwarder on a JBoss server to forward data towards my test environment Splunk. In the Universal Forwarder (UF) monitor file server.log file, the line 01/12/16 15:11:50,398 INFO...
View ArticleHow to combine my two searches to alert on duplicate GUIDs for universal...
Hello, We recently deployed Splunk in our environment and recently discovered that our engineering teams are cloning systems without clearing out the universal forwarder GUID and related logs prior to...
View ArticleHow to use BigFix to install and maintain the Universal Forwarder?
I am attempting to use BigFix to install the Universal Forwarder on machines within a multi-tenant environment. I use a single deployment server, and can manually install the UF on a machine and point...
View ArticleWhy is Universal Forwarder unable to process props.conf configuration for...
I have a customer that wants to index psv files with headers. If I omit the props.conf file on the Universal Forwarder (UF), the entire psv file gets indexed as one event without any parsing. I have a...
View ArticleWhy am I unable to forward data from a Splunk forwarder to Splunk Cloud on...
Hello, I have been trying for the last 8 hours to forward data to a Splunk Cloud instance. I generated the credentials off the Splunk Cloud instance as directed and attempted to use them on a heavy...
View ArticleHow to stop splunkd.exe from creating crash dump files under var\log\splunk...
On the universal forwarder, splunkd.exe is creating many crash dump files that are filling up disk space, which affects the services on the server. Please let me know if you have any configurations to...
View ArticleHow to route to an Index based on SourceType AND Host combination in...
I have a setup as Universal Forwarder (UF) - Heavy Forwarder (HF) - Indexer - Search Head (SH). Where multiple UF are sending data to single HF which in turn sends data to single Indexer. I have below...
View ArticleHow to show the host name from a CSV lookup file when there are no results...
I have tried various suggestions from this site but I'm unable to get the desired results. A 3rd party installs UF's (Universal Fowarders) and provides a csv list of hosts that have been deployed. I...
View ArticleDoes anyone have an example of using Puppet Module to uninstall Universal...
Hello guys, Does anyone have an example of using Puppet Module to uninstall / delete / remove properly the UF (Universal Forwarder) on Linux and Windows? Thanks.
View ArticleShould the hardware on my Heavy Forwarder be the same as my Indexer?
My current system is (vastly underpowered, 3.5gig a day tops) a single indexer/search head combo, and 2 heavy forwarders. I have recently been given a requirement to bump this up to ~120GB a day...
View ArticleWhat is the best way to collect and monitor Windows 2008 R2 print server events?
I'd like to track print events from a Windows 2008 R2 print server. I have configured my Universal Forwarder (UF) via this blog: http://blogs.splunk.com/2014/04/21/windows-print-monitoring-in-splunk-6/...
View ArticleHow to edit props.conf to override Splunk truncating JSON data?
Hi Guys, So I figured out that my Splunk instance is truncating my JSON data. That's not good and I'd like to remedy this. In reading, it looks as though I need to override my props.conf file by using...
View ArticleUsing Splunk Web, can I search a specific host name or IP address that...
Hello Splunkers - Using Splunk Web, can I search/index a specific host name or IP address that returns the “Identified UF Version” of that system? The Universal Forwarder 6.4 is already installed. Any...
View ArticleIs the checkpointInterval attribute configurable?
We have thousands of Universal Forwarders (UF) in a large virtual desktop environment where we need to minimize the footprint and particularly the I/O as much as possible. Question is for WinEventLog...
View Article