Anyone have the GUID for Splunk Universal Forwarder 6.4.3?
As part of a deployment, I need to uninstall using msiexec (instead of add/remove programs), however, I don't have the GUID for version 6.4.3. Does anyone have this info or know where I can find it?
View ArticleCSV Monitoring issues
[monitor:///home/paul/training_status/] whitelist = (\.csv$|\.CSV$) blacklist = \.filepart$ index=training_index sourcetype=training_status crcSalt = <SOURCE> The file gets updated once per...
View ArticleCan Splunk forwarder will forward data at high speed
Hi All, I've report server, which producing log data in "report.log" file, the max size of report.log is 10MB and it will create versions. some time my report server writing data at 10 MB/s if my...
View ArticleIs there a beginner's guide for debugging a universal forwarder instance?
We have set up a universal forwarder and it worked quite nice until a certain date. Since then, no more entries are forwarded to our Splunk server. The problem occurred after we updated our OS to the...
View ArticleSending data to Splunk Cloud using multiple outputs.conf for mobile systems.
I am interested in the community's thoughts on forwarding data to Splunk Cloud for mobile systems. Currently I am working to consolidate all my Universal Forwarders to forwarder their data thru a Heavy...
View ArticleWhy does the Universal Forwarder not forward files to the index or sourcetype...
Hi, I've spent one day trouble-shooting this issue but still don't have any luck. The files I want to forward are a pretty standard .csv with custom timestamps. So I created a sourcetype and an index...
View ArticleTA-nmon - Technical Addon for Nmon Performance Monitor: Why do I receive...
Trying out TA-nmon (1.3.13). I have it deployed on 3 Linux machines, two UFs (Universal Forwarders), and one SH (Search Head). After one day of operation, one of the UFs stopped reporting some data....
View ArticleHow to install the Splunk Add-on for Unix and Linux and get it to work with...
Hello, I have single server which has Splunk Enterprise installed. My requirement is to monitor some linux hosts in our network, have them send performance data like CPU/Memory/DISK stats etc to the...
View ArticleHow to use single inputs.conf across multiple forwarders with different set...
Hi All, Is it possible to configure inputs.conf in such a way that universal forwarders running on different hosts can read the same file but scan a different set of directories? As an example, we want...
View ArticleHow to run multiple universal forwarders on a single Linux host?
I am trying to install 2 universal forwarders on a single Linux host. I read a few articles and changed the httpport and mgmtHostPort in the server.conf file in $SPLUNK_HOME/etc/system/local. I also...
View ArticleShould I use a heavy forwarder or an indexer cluster for my particular scenario?
Hi, I'm hoping for some advice as I'm trying to understand the best way to configure Splunk components in the scenario below. I have two Datacentres (DC) that operate as Active / Passive. Datacentre A...
View ArticleForwarder for Linux ARM (Raspberry Pi): Will Splunk deprecate this add-on...
It looks like there is now a regular ARM version of the UF (Universal Forwarder). It's confusing to have this old add-on, Forwarder for Linux ARM (Raspberry Pi), and a regularly updated UF build,...
View ArticleDoes Splunk support two-way SSL between the Universal Forwarder TCP port and...
Does Splunk's Universal Forwarder supports SSL for TCP inputs (i.e It is receiving data from external application)? Does Splunk supports 2 way SSL between them?
View ArticleAfter installing universal forwarder, why am I getting an error "you...
I'm following "Forward data to Splunk Cloud from Microsoft Windows" document ( http://docs.splunk.com/Documentation/SplunkCloud/6.5.1612/User/ForwardDataToSplunkCloudFromWindows) Point 5 of "Step2"...
View ArticleTurn THP off on Universal Forwarder?
I get the whole thing about turning off THP on Splunk Enterprise instances per https://docs.splunk.com/Documentation/Splunk/6.5.3/ReleaseNotes/SplunkandTHP and many other places. However, everything...
View ArticleAfter editing props.conf, why is sensitive information not masked when data...
Hi All I have followed the regular expression method to anonymize data during indexing as mentioned in the below Splunk documentation....
View ArticleWhat are the best searches to monitor data flow activity from the Universal...
Hi , i would like to monitor the Splunk data flow activity. what are the best Splunk searches to monitor the data sending from UF (Universal Forwarder) moving to HF (Heavy Forwarder) and HF to indexer?
View ArticleWhat is the best way to filter events at Heavy Forwarder level?
Hi. I am trying to send logs from a bunch of Universal Forwarders (UF) to a Heavy Forwarder which will then forward it to a SOC (managed service - we have a syslog receiver onsite). Currently, all the...
View ArticleWindows Server 2016: Support by Splunk Enterprise & Universal Forwarder
Server 2016 was released approximately 6 months ago, but it is still not listed as a supported OS on the [system requirements page][1]. When can we expect to see support in: - Univeral Forwarder -...
View ArticleWhy is the Universal Forwarder reporting the wrong IP to Deployment Server?
I have about 6 hosts that are reporting their IP address to my deployment server incorrectly. They are running Universal Forwarder 6.5.2. ![alt text][1] They all show up as the same 172.22.254.250...
View Article