Linux auditD install on Universal forwarder
Hi, trying to install Linux auditD on universal forwarder. The app has been installed by support on Splunk Cloud. The UF is installed on syslog server and forwards data directly to Splunk Cloud, no HF or...
Can I use a Splunk universal forwarder to monitor memory, disk I/O, and CPU...
Hello Splunkers, I want to ask you about Splunk Universal Forwarder memory, CPU and disk I/O consumption monitoring on client machines because I can do this only with a full Splunk Enterprise instance...
Why are there many duplicate events in the indexer cluster?
I have a single site cluster that contains 5 indexers, 4 search heads, a master node, and a deployer. There are also some universal forwarders with load balancing. All events in the indexer cluster are...
Why am I seeing these extra fields when I log a BZ2 file?
One of the log files being monitored by Splunk is a bz2 file. It is being read by the UF on the server. The local/props.conf in the add-on to process the events looks like this: [mvm:csv]...
Is it okay to run a universal forwarder without an inputs.conf?
I am the security guy and Splunk admin. I am running 6.6.x universal forwarders on all my Windows servers. I just found out that the server admins are cloning boxes all willy-nilly. When trying to...
Optimising CPU + RAM usage on Universal Forwarder
Hello guys, I've been looking around in the questions and most of them are about forwarders causing high CPU because of some bug or some misconfiguration. My question is about optimising and tweaking...
Can my lookups be forwarded to a Splunk Cloud search head from a local...
Hi, we are in the process of migrating on-premise apps to Splunk Cloud. There is one app in which there are a few scripts which (by accessing a local directory) update the lookup files continuously to be used...
How can we monitor changes to inputs.conf file on our universal forwarders?
Using Splunk Enterprise 6.2.2 The Problem: No data ingested. We have several deployed APPs and would like to monitor changes to inputs.conf file on our universal forwarders. We have created a new app...
Linux auditD install on universal forwarder
Hi, trying to install Linux auditD on universal forwarder. The app has been installed by support on Splunk Cloud. The UF is installed on Syslog server and forwards data directly to Splunk Cloud, no HF or...
How to send Windows events to a third-party server using Splunk Universal...
Hello, I'm trying to send Windows events using a Universal Forwarder to a 3rd party system. I configured outputs.conf as shown below: ***[tcpout] defaultGroup = primary_indexers***...
Universal forwarder on Windows servers
We are in the process of planning our Splunk deployment. We have somewhere around 5,000 Windows servers that will be using the UF to forward. Currently in our DEV space we are sending to the indexer...
Is there any way to replicate the whitelist settings on the deployment server?
Hi, I installed the universal forwarder agent on some servers for monitoring and would like to add a whitelist filter on the Windows security event. When I add the "whitelist" line in the inputs.conf...
Why did all of my servers stop sending logs? Configuration issue?
Hello Guys, I have a bit of a curious case and it is really bugging our production environment. I have deployed around 12 Windows UF to monitor Security event logs within AD servers which are located...
What's best practice for monitoring bash_history of all users in the system?
Hello, all! Maybe someone has set up tracking of the bash_history file from all users in /home/*/.bash_history. I experimented with fschange, but splunkforwarder doesn't send data to the server. Splunk user can...
Is there a way in Splunk universal forwarder to set CPU and Memory...
We have more than 3000+ forwarders in our environment. A few weeks back the Unix team published a report showing all the top processes that consume more CPU and memory. Splunkd was among the top 3....
Is there a way to set CPU and Memory consumption for splunkd process to a...
We have more than 3000+ forwarders in our environment. A few weeks back the Unix team published a report showing all the top processes that consume more CPU and memory. Splunkd was among the top 3....
How to set up a universal forwarder using Puppet?
I am looking for information or examples on how to install and configure universal forwarder on Windows using Puppet. I had built a PowerShell script for a non-Puppet-supported device but need to also...
How to find universal forwarder IP address?
Hello. I installed the free universal forwarder from the Splunk website. Now I installed it on my PC, but what is the IP address for that instance, how to find it?
Splunk Cloud: do custom universal forwarder certificates ever expire?
Does the Universal Forwarder custom certificate for Splunk Cloud ever expire? If so, when does it expire?