Found a SSLv3 "POODLE" vulnerability on Universal Forwarder 6.4.2. How to...
We just found SSLv3 "POODLE" vulnerability alerts from our IPS system, and our Splunk Universal Forwarder is on 6.4.2. I thought the SSLv3 POODLE issue only appeared in Splunk versions earlier than 6.3?...
How to monitor Windows Event Logs that roll to an archive every hour?
I have a WinEventLog://System log which rolls to archive every hour or so. I have 4 questions; 1) is the Splunk Universal Forwarder (UF) clever enough to ingest archived files based on the default...
How to check the universal forwarder's metrics.log to get instantaneous_kbps...
From Documentation: To verify how often the forwarder is hitting this limit, check the forwarder's metrics.log. (Look for this on the forwarder because metrics.log is not forwarded by default on...
Can we configure the forwarders to use SFTP for transferring the files?
Can we configure the forwarders to use SFTP for transferring the files? If not, is there any way to encrypt data by Universal Forwarder (UF)? Does UF support SSL?
Can we configure some Universal Forwarders to forward data to port 9998 with...
Can we configure some Universal Forwarders to forward data to port 9998 with SSL on indexers and the remaining Universal Forwarders to forward data to port 9997 without SSL on same indexers? If yes,...
Why are universal forwarders installed on domain controllers not sending all...
I have 4 domain controllers with Splunk Universal Forwarders installed on them. I'm trying to get the Windows Security logs and Cisco ASA logs sent to my Splunk Light server. I get the ASA sys logs...
How to prevent linux_message_syslog input from overriding the FQDN of the...
All, I have an input in linux_message_syslog that seems to be working fine, but the universal forwarder is providing the FQDN of the host back to Splunk. This specific input seems to be overriding the...
Oracle WebLogic App for Splunk: How to resolve universal forwarder error...
Hi, We're trying to configure this app, but after reading and re-reading the guide, still no luck. We're running: Splunk: 6.5.2 WebLogic 10.3 I think the issue is related to this error we see in the...
Socket not supported error while installing universal forwarder on Bash...
Hi, I am trying to install a universal forwarder on Bash (virtual Linux terminal on Windows). Step 1: Install Splunk universal forwarder using - tar xvzf...
Splunk Universal Forwarder constantly crashes with "Crashing thread:...
Splunk Universal Forwarder constantly crashes with "Crashing thread: indexerPipe". splunkd.log shows: WARN IndexerService - Indexer was started dirty: splunkd startup may take longer than usual;...
Splunk Add-on for Microsoft Windows: How to disable this add-on on all...
If I wanted to disable Splunk Add-on for Microsoft Windows on all Universal Forwarders (6.4.4) and only use my own app to collect Windows logs, what would be the best way to do this? I was going to...
Splunk Universal Forwarder 6.4.1 and all Versions younger than 6.2 cannot be...
The error message on the screen is: "UniversalForwarder Setup ended prematurely" Versions older than 6.2 (e.g. 6.1.3) of Splunk Universal Forwarder and Splunk Enterprise (and other...
Why is props.conf in my deployment-app not getting picked up?
I have a standalone Splunk environment - I have universal forwarders and an indexer/Deployment server which acts as the Search head also. I have a deployment-app under...
Are there any specific settings to apply for DC's that generate a lot of...
Hello, I'm missing some logging in Splunk from several DCs. Most likely, the reason behind this is that the DCs are generating more logging than the Universal Forwarder (UF) is capable of handling. Setting...
What is the difference between these two configurations in inputs.conf on...
Under inputs.conf on Universal Forwarder (UF), I have these configs as below: 1.) [monitor:///var/home/jboss/logs/*.log] disabled = false followTail = 0 sourcetype= xyz 2.)...
Is there a search to check if the universal forwarder has enabled...
I have enabled forceTimeBasedAutoLB on the universal forwarder, but I want to check whether that forwarder is making use of this change or not. So, is there any search or command to check that?
Has anyone integrated Puppet with Splunk?
Has anyone integrated Puppet Enterprise with Splunk? I'm not finding proper documentation on how to set it up. I found Puppet Enterprise App for Splunk but I don't see much documentation on how to set it up and...
Is it possible for the Splunk Log driver for Docker to include options to...
An enhancement request to the Splunk log driver for Docker containers to include an option to mention the customized hostnames. I read an article on...
Is there a version of the universal forwarder that is compatible with Windows...
Hi Splunker, Currently, we are planning an upgrade to Windows Server 2016. May I know, will Splunk release a latest msi version which supports Windows Server 2016 64 bits? Or we still can use latest...
How to calculate autoLB time interval?
Can I please know how to calculate the autoLB time interval, as I am planning to change the default value. For example, a Universal Forwarder (UF) sends 15GB of data, so how much autoLB time interval...