Splunk Light Free + Universal Forwarder: How to fix my configurations to...
Hello guys. I am new to Splunk. Let me introduce my problem. I have installed Splunk Light Free on the server (based on Windows Server 2012 Std, hostname: logs.xxx.com) and universal forwarder on the...
How to delete a host and all its data from Splunk so it no longer appears in...
I have a Windows server with the Universal Forwarder installed for testing. I now want to remove that host and all data it has fed into Splunk, from Splunk. I've uninstalled the forwarder, but I don't...
Splunk Add-on for Microsoft Windows: Why is WinEventLog:Security...
I just loaded the Splunk Windows Universal Forwarder 6.3 on a Windows box and ran the following search: index= sourcetype="WinEventLog:Security" | stats sparkline count by EventCode,...
Deployment server not updating apps
I just set up my first Splunk Deployment server. I'm trying to get used to how it works, and how to manage it. In an attempt to K.I.S.S. I decided that my first app that I would deploy and manage would...
Why do edits to inputs.conf for Splunk_TA_windows on the deployment server...
I just set up my first Splunk Deployment server. I'm trying to get used to how it works, and how to manage it. In an attempt to K.I.S.S. I decided that my first app that I would deploy and manage would...
How to tell a Splunk Universal Forwarder not to monitor its own log files?
Hello Everyone, We are trying to monitor log files on a server using the Splunk universal forwarder. The logs directory (say /logs/app3/Oct2015) is being monitored by Splunk forwarder....
How to set site during Universal Forwarder install?
I am deploying Universal Forwarders by either Puppet or SCCM to multiple hosts. They will be forwarding to a 6.3.0 multisite index cluster. Is there a way to set site=site0 in the...
How to configure Splunk Light for receiving data from a Universal Forwarder?
I have Splunk Light on Windows and the Universal Forwarder on Raspberry. According to docs, I need to create a server class for receiving data. The admin UI does not give me an option to do so. How do...
How to set the site during Universal Forwarder installation for a Splunk 6.3...
I am deploying Universal Forwarders by either Puppet or SCCM to multiple hosts. They will be forwarding to a 6.3.0 multisite indexer cluster. Is there a way to set site=site0 in the...
Why did LINE_BREAKER on a Splunk 6.1.1 universal forwarder cause a CPU spike?
Hi, I had a customer complaining that the Universal Forwarder on their server was running very hot. I checked, and lo and behold, it was running at 100% (Splunk 6.1.1). I checked the splunkd.log, and...
Batching gzipped files residing in 4 directories into Splunk, is there a way...
I am batching gzipped files into Splunk. The files reside in 4 directories. Splunk, per splunkd.log, appears to be reading only the files in the first batch statement. Is there a way to run parallel...
Can the Universal Forwarder send logs to an AWS S3 bucket?
Hello, We would like to be able to have our universal forwarders that are installed on AWS instances, to forward logs/indexes to an S3 bucket (instead of an indexer). Our client will then use their own...
How to troubleshoot why a universal forwarder lost data when forwarding to an...
I deploy a universal forwarder on SUSE Linux server, and monitor a log file. This forwarder forwards data to an indexer. We found that sometimes we can't search some logs which were added to the log...
Will the File/Directory Information Input add-on work on a universal forwarder?
Does the File/Directory app require a heavy forwarder? It appears to require python.
Why am I getting error "SSL clause not found or servercert not provided - SSL...
Hello, We're using Splunk 6.2.3. When adding the first universal forwarder on Windows Server 2008 R2, we got this error in splunkd.log: Indexer: 10-30-2015 11:41:58.910 +0800 ERROR TcpInputProc - Error...
How do I manually activate the SplunkForwarder server for a universal forwarder...
I have an issue with my forwarder in Windows 7 (32bit). After I installed a Universal forwarder by .msi, indexer did not receive any information from the forwarder. Below is what I get through a...
How do I manually activate the SplunkForwarder service for a universal...
I have an issue with my forwarder in Windows 7 (32bit). After I installed a Universal forwarder by .msi, indexer did not receive any information from the forwarder. Below is what I get through a...
How to send different logs to different indexers from the same Universal...
I have one universal forwarder (UF) that is sending production data to the production intermediate Forwarder (IF) and then on to the production indexers. I would like to start collecting test data from...
Why are the timestamps different when indexing CSV files locally versus being...
I'm having an issue with timestamps on CSV files. Here is what a sample of raw data looks like:...
Splunk universal forwarder v6.2.6.274160, how can I verify which version of...
We continue to get the freak vulnerability security item show up on our scans and the ssl version of splunk was identified as an issue. Does the new install package remove the old ssl version or do I...