Can data being sent from a Universal Forwarder be filtered at the indexer...
We have a Universal Forwarder that is sending a huge amount of data. We need to only index events that contain any of these words-- "EnvisionResponse" or "EnvisionRequest" or "TransactionStatusDetail"....
View ArticleFor perfmon metrics, is it possible to specify an index at universal...
Hello Is it possible to specify an index when you install an universal forwarder for perfmon's metrics or after with the CLI? I don't want to modify directly the .conf file. By default, the data is...
View ArticleWhy does the Universal Forwarder index a CP1251 encoded file twice?
Hello! I'm trying to pre-filter and forward structured .csv file from Universal Forwarder (UF) to Splunk Enterprise server. This file is CP1251 encoded, not UTF-8. I've made a new sourcetype and copied...
View ArticleWhy are the Index and SourceType names in our Active Directory forests not...
We have two Active Directory forests in our enterprise with Universal Forwarders installed on all of our domain controllers. The sourcetype and index names in one forest do not match up with the...
View ArticleCan I replace Splunk Universal Forwarder with Apache NiFi?
NiFi has a putSplunk processor that should do what I want (send data to an indexer) BUT it doesn't have any place for me to specify sourcetype, or index, and it only has one "Host" field, whereas I...
View ArticleIs it possible to configure Splunk to show the filename only and not the...
In the Splunk deployment we have, I'm using the Splunk universal forwarder to monitor changes to a folder, specifically when a file is added, on an sftp server. So far this is working, however it's...
View ArticleWhy does migrating universal forwarder to 6.4.3 display...
Hi all, I've 3 Splunk 6.4.1 Indexers and a Splunk 6.4.1 Search Head + Distributed Management Console (DMC) on Linux Red Hat 6.6. I've tested Windows Event Log in Windows 2008 R2 Domain Controller...
View ArticleCan SSL be configured when sending data to Universal Forwarder through TCP...
Hi, Data is sent to Splunk Universal Forwarder (UF) through the TCP connection. From UF, data is forwarded to indexers. As we know SSL is supported by Splunk when Data is sent to Indexers. But can SSL...
View ArticleHow to configure the forwarding of Microsoft Windows Print Server logs?
Hi Guys, I have installed universal forwarder on Print server, Windows Server 2012 R2 and configured the receiver IP and Port on it. On the Splunk deployment server, I tried to configure Windows Event...
View ArticleHow to resolve missing DHCP logs when my connections and configurations seem...
This is for troubleshooting of our Splunk Enterprise and/or Splunk universal forwarder. We have missing logs on two of our servers, Splunk universal forwarder is installed on the said two servers,...
View ArticleWhy does using the Splunk Forwarder with Splunk Free display message "This...
From my understanding the Splunk free license still lets you forward logs from other servers using the Splunk universal forwarder. On my indexer web interface, I can view the Splunk forwarder server...
View ArticleIs it possible to collect logs from Active/Standby application server pair...
Hello, We have an application which runs on 2 servers, 1 is the active server and one is a hot standby so if one server fails the other automatically picks up, we can also force it to fail over as part...
View ArticleHow to disable processes run frequently by Splunk universal forwarder?
I see that these commands are executed every minute: splunk-powershell.exe splunk-winprintmon.exe splunk-regmon.exe splunk-netmon.exe splunk-admon.exe splunk-MonitorNoHandle.exe The first one actually...
View ArticleHow to set up a Universal Forwarder to allow it to receive logs via the REST...
We have a Universal Forwarder (UF) installation on premises that collects logs from various UF Agents and sends them to Splunk Cloud. But we also want to be able to send logs via an API to the...
View ArticleCannot See Universal Forwarder from Splunk Enterprise
Hello, I have installed splunk enterprise in a windows environment. I have installed Universal Forwarder on a separate machine. Before running the ./splunk add forward_server command (to add the...
View ArticleWIndows 7 support
I was trying to download the universal forwarder for windows 7 32 bit OS, but i can see only windows 8, 8.1, 10 OS. Is Splunk supporting windows 7? If I will download universal forwarder for windows 8....
View ArticleWhy am I unable to install Splunk universal forwarder on Windows server 2012 R2?
Hi Unable to install Splunk universal forwarder on Windows server 2012 R2, please help to solve this issue. Logs 04-04-2017 21:49:01.089 +0530 INFO ServerConfig - Found no hostname options in...
View ArticleCSV and TSV File Inputs on Universal Forwarder - Do I need to configure both...
I am going to be forwarding CSV and TSV files, and was wondering if I need to configure **both** INDEXED_EXTRACTIONS and FIELD_DELIMITER in props.conf for the sourcetype on the Universal Forwarder. It...
View ArticleForward a log to a different indexer without forwarding _internal index to...
I have a universal forwarder (version 6.2.5) that is forwarding a monitored log file to an indexer. I want to add another monitored log file that should be sent to a different indexer. I got this to...
View ArticleCollecting logs from the fortified network over the firewall with the forwarders
Greetings, a beginner Splunk administrator here. So I have the case where within my network there are two isolated network zones. One such that could be classified as intranet-oriented or less...
View Article