Browsing all 1551 articles

Splunk Universal Forwarder Deployment with SCCM

Hello, We are trying to deploy the Splunk Universal Forwarder using Microsoft SCCM. I can successfully install the MSI from the command line using: msiexec /i...



How to deploy a Splunk Universal Forwarder through GPO and MST setup?

I have been trying to push the Splunk Universal Forwarder out to my client systems via GPO. I would like, however, to generate an MST file that: a) Accepts the EULA and b) sets a predefined Receiving...



How to configure third party certificates for deployment server and...

I am trying to replace the Splunk certs with third-party certs and following http://docs.splunk.com/Documentation/Splunk/6.3.0/Security/Securingyourdeploymentserverandclients I am a bit confused...


Can I upgrade my Linux universal forwarders directly from Splunk 6.0.3 to 6.3.0?

Hello, Just checking to see if it is okay to upgrade my Linux universal forwarders directly from 6.0.3 to 6.3.0 or if I need to make an intermediary jump. Thanks.


Universal Forwarder resends entire Security Event log after upgrade.

I have recently started upgrading Windows universal forwarders from 6.0.3 to 6.2.6. After I upgrade them they seem to be resending the entire Windows Security log (2GB) instead of continuing where they...



How do I configure Universal Forwarder to not send INFO Metrics over TCP?

My outputs conf looks like this:> [tcpout] defaultgroup = logstash> disabled = false>> forwardedindex.0.whitelist = .*> forwardedindex.1.blacklist = _.*> forwardedindex.2.blacklist...


Can I configure a universal forwarder to send syslog messages to a syslog...

Could someone help me out here? Can I configure a Universal forwarder to send the syslog messages to a (non splunk) syslog server? Right now I have Universal forwarder which is sending data to a...


Universal forwarder is truncating/adding extra line breaks to events output...

We have a universal forwarder set up to forward incoming messages to logstash, TCP -> forwarder -> TCP: outputs.conf: [tcpout] defaultGroup = logstash [tcpout:logstash] server=localhost:7777...



Why are my universal forwarder data inputs to index CSV files not working?...

Hello fellow Splunk users! I am encountering a problem with indexing .csv files. A bit of background story: I am trying to index Windows Server 2003 data. Installing a universal forwarder does not...



Is it possible for Windows event logs to be flagged up on the Active...

I have been assigned with the task of implementing Splunk on my company network. I have Syslog communication with my server with no problems, but I would like to have my Windows devices communicating...


Where should I put my syslog universal forwarder/deployment server with...

Hi folks, I'm planning on installing some new machines running Splunk instances. Two of the machines are going to run an indexer cluster, one a cluster master and one a search head. The last machine is...


Splunk Light: After creating a server class to collect Windows event logs...

I'm evaluating Splunk Light for purchase and running into some issues collecting Windows Event Logs from multiple servers. I installed the Universal Forwarder on a few machines, then to test the...


Splunk 6.2.3 Universal Forwarder maxQueueSize: What is the algorithm used to...

The outputs.conf.spec shows a default value of "auto". The Splunk Universal Forwarder version is 6.2.3 on RHEL 6.6. What is the algorithm used to determine the amount of memory to use? I have OS...



Fixing Splunk for Symantec and its search criteria

OK, so after fighting with this app for a few days, it seems a part of the issue has to do with the actual searches. When using Splunk for Symantec, it seems the best thing to do is use the universal...


Can you deploy the Splunk App for Unix and Linux from a deployment server to...

I have the Splunk App for Unix and Linux set up to deploy from my deployment server and I have been able to successfully deploy it to existing servers that I have in my environment - but all of those...



Why is the indexer discovery clear text password not being encrypted?

I've enabled indexer discovery on my 6.3.1 linux universal forwarders. http://docs.splunk.com/Documentation/Splunk/6.3.1/Indexer/indexerdiscovery 3. Configure the forwarders a. Configure the forwarders...


Can a Universal forwarder filter lines from log?

I've read the docs on how to filter events from: http://docs.splunk.com/Documentation/Splunk/4.3.3/Deploy/Routeandfilterdatad The documentation makes mention that somethings the light and "Universal...



Why are we getting a deployment checksum failure on all universal forwarders...

After a recent `deploy-server reload`, all of my Splunk_TA_Windows clients except for 5 started showing up with the following client errors: 11-12-2015 14:43:24.037 -0800 WARN ClientSessionsManager -...


OS Compatibility: Can a Splunk universal forwarder be installed on a machine...

I've been asked to install a Splunk Universal Forwarder on a machine running: SCO UNIXWARE 7.1.4 I can't find any details on if this is supported by Splunk Universal Forwarders - this is a strange...


Splunk Cloud Trial: Why am I getting "ERROR TcpOutputFd - Connection to...

I signed up for a Splunk Cloud trial, and set up a universal forwarder on one of our EC2 instances. However, I keep getting this in splunkd.log: ERROR TcpOutputFd - Connection to host=[ip address of...
