What file do I need to modify on puppet config to change the Splunk server...
Hello, I have a question regarding puppet and splunk. I'm planning to install the following module. https://forge.puppet.com/puppetlabs/splunk I just want to modify the splunk server name on the...
View ArticleWhy would splunk universal forwarder report "ERROR TailReader - File will not...
splunkd.log is reporting ERROR TailReader - File will not be read, is too small to match seekptr checksum (file=/apps/xxx/xxx/xxx/xxx/logs/systemOut-1.log). Last time we saw this initcrc, filename was...
View ArticleWhy does the Splunk Universal Forwarder 6.5.1 crash on Centos 7.3?
I apologize if this is too brief, but I want to provide the information I know first. I have a working Splunk environment currently, which has been running for years without issue. I noticed, however,...
View ArticleSplunk Universal Forwarder 6.5.3 installed on Windows 10 workstations stop
I am running Splunk Enterprise on a Windows Server 2012 R2 and have installed both the Splunk Universal Forwarder 6.5.3 and 6.6.1on Windows 10 workstations. I have noticed that after about a week after...
View ArticleWhy my sourcetypes under universal forwarder not showing up in Splunk GUI?
We have a windows forwarder running on vm02, and forwarding data to vm01 which is the main Splunk Enterprise. we configured the inputs and props.conf in the vm02 forwarder level, so far we are able to...
View ArticleSplunk UF forwarding to a unidirectional data diode which then forwards logs...
Here's a quick rundown of the environment: Virtual Machines (linux splunk instances), No internet connection, air gapped environment that uses a unidirectional data diode. In this environment there is...
View ArticleHow to create a report that lists of all enabled apps on Splunk Universal...
I would like to create a report/dashboard that includes among other things the list of Splunk apps installed on universal forwarders and their versions. I created the report for apps installed on heavy...
View ArticleHow to stop access to Port 8089 in Splunk or change password on Universal...
On all the Universal Forwarders, any user has the ability to access REST API called Splunk ATOM Feed:Splunkd. They can access this on any Universal Forwarder by putting in https:localhost:8089 or...
View ArticleHow to configure the Splunk Add-On for BMC Remedy in Splunk Enterprise?
I'm trying to use the "Splunk Add-on for BMC Remedy" add-on under Splunk Enterprise. I have a Remedy server, SplunkFwdr, with the universal forwarder installed and it identifies my Splunk Enterprise...
View ArticleWhy can't I find the Universal Forwarder tab to download credentials?
I am trying to follow this tutorial: http://jasonpoon.ca/2017/04/03/kubernetes-logging-with-splunk/ I logged into a Splunk Cloud account (companyName.splunkcloud.com). But I can't find the Universal...
View ArticleIs it possible for a single splunk universal forwarder to be managed by two...
I was wondering if possible for a single splunk universal forwarder to be managed by two different deployment servers? I imagine it may not be advisable, because of potential configuration clashes, but...
View ArticleUniversal forwarder support on RHEL 7
Hello, I do not see any version of Splunk universal forwarder for linux kernel 3.10+ on the dowload portal. Is the last universal forwarder version on linux (2.6+ kernel) supported on linux kernel...
View ArticleDo I need to configure a separate receiver port for sysmon data?
I currently have a receiver setup and it's ingesting data from a log source. I am looking to install the Splunk Universal Forwarders on workstations to forward Sysmon. Do I need a separate receiver...
View ArticleHow to configure the universal forwarder to collect System Properties on a...
How can I configure the universal forwarder to collect the hosts system properties?
View ArticleWhy are there a lot of splunkd processes running in Splunk Universal forwarder?
I have Splunk Universal Forwarder 6.2.0 running and I see a lot of splunkd processes running upon starting/restarting this. This seems to be causing some performance bottlenecks in our setup. Why is...
View Articleバージョン 6.6.1 の Universal Forwarder を Windows OSにインストールできない
Windows OSに、Universal Forwarder をインストールしようとしたところ、インストールが途中で停止してしまい、インストーラーを手動で強制終了しました。 splunkd.log を確認したところ、下記のメッセージが出力されていました。...
View ArticleHow to resolve error "ERROR IndexConfig - stanza=perfmon Required...
When using Windows 2016 Universal Forwarder 6.6.1, I'm running into issues with starting indexer. splunkd log indicates the following 06-29-2017 11:42:32.517 -0500 INFO loader - Initializing from...
View ArticleOffline server sending to Splunk when it has connection to Splunk Server
We have a standalone system that has a Universal Forwarder on it. While working on the standalone, it should still be collecting data for Splunk. Once we remove the drive and place it on the network,...
View ArticleWhy is SSL on Universal Forwarder failing with error "WARN SSLCommon -...
Hi, I just followed the answer in the below post to configure SSL between my UF and the indexer:...
View ArticleModern Honey Network: How to use the Splunk Universal Forwarder and what is...
Hi, I'm very confused about how to use Splunk with the Modern Honey Network (MHN) app. I installed it and when I go to https://ipaddress:8089 I end up on a page that says "Splunk Atom Feed: splunkd", I...
View Article