Load Balancing with universal forwarders as intermediate layer
In current design, we proposed two load balanced HFs to collect the data from 200+ end-points and pass it to next level of heavy forwarders at Splunk hosted environment. However, with concerns around...
How can I install multiple instances of the universal forwarder?
My team are the IS Security folks for the company. We are migrating to SPLUNK from McAfee Nitro and currently we only have a need to look at Windows security event logs. We have our business folks...
Does Splunk provide fully supported Docker universal forwarder?
We are looking at using the Docker Universal Forwarder for logging forwarding from the official GitHub Splunk repository....
3 Splunk universal forwarders/hosts monitoring the similar log file/path have...
Hi, I see that 3 Splunk universal forwarders/hosts monitoring the similar log file/path have stopped ingesting logs. Logs from other paths are being ingested, though. I checked the splunkd.log and I...
Splunk UniversalForwarder Restart
I will have a dashboard which will show the list of servers which are not sending the logs and I will have a "Button" against those servers and when the user clicks the button the respective universal...
Cannot forward data from universal forwarder on a VM network
Hi, I'm trying to set up a universal forwarder on a VM network. I've set up the inputs and outputs configuration files on the forwarder: In inputs.conf: [monitor:///var/log/syslog] sourcetype = syslog...
Button in a dashboard to reset a universal forwarder
I will have a dashboard which will show the list of servers which are not sending the logs and I will have a "Button" against those servers and when the user clicks the button the respective universal...
Where can I find the complete documentation of configuration options for...
In the Forwarder manual (http://docs.splunk.com/Documentation/Forwarder/6.6.3/Forwarder/Abouttheuniversalforwarder), we have a section on "Configure the universal forwarder". It listed some example...
Button in a dashboard to Restart a universal forwarder
I will have a dashboard which will show the list of servers which are not sending the logs and I will have a "Button" against those servers and when the user clicks the button the respective universal...
UF stopped sending data after a reinstall
We were facing an issue in Splunk log forwarding to IDXer cluster. I found that our enterprise instance servers are 6.5.3 and UFs were of 6.6.2. So I uninstalled 6.6.2 version of UF and reinstalled 6.5.2...
What are the capabilities of the "force_local_processing"
Does anyone know the full effects of the new option "force_local_processing"? How does it change the following information: https://wiki.splunk.com/Where_do_I_configure_my_Splunk_settings%3F What are...
How to get rid of json getting wrapped inside "event" field
I am trying to send json format data from consuming from kafka to splunk forwarders over tcp.. - If I send json data from kafka {"a": "b"} over tcp (I have a module that sends json to tcp on port 9999)...
When I sent JSON data from kafka to Splunk over TCP it shows up as...
I am trying to send json format data from consuming from kafka to Splunk forwarders over TCP.. - If I send json data from kafka {"a": "b"} over tcp (I have a module that sends json to tcp on port 9999)...
Is there an easy way to redirect existing universal forwarders to a new...
We are migrating datacenters and the current virtual deployment server has been replicated to the new facility. I can bring it up, change the IP and hostname but is there a central way to redirect...
Can I change the management port 8089 on only the vCenter universal forwarders?
Hi - I've seen various discussions on this topic, namely 8089 used by vCenter as well as SPLUNK's deployment server but not always being resolved. From a server environment the vCenter ports (can't be...
Universal forwarder stopped sending data after a reinstall
We were facing an issue in Splunk log forwarding to IDXer cluster. I found that our enterprise instance servers are 6.5.3 and UFs were of 6.6.2. So I uninstalled 6.6.2 version of UF and reinstalled 6.5.2...
How to send Windows events to a third-party server using Splunk Universal...
Hello, I'm trying to send Windows events using a Universal Forwarder to a 3rd party system. I configured outputs.conf as shown below: ***[tcpout] defaultGroup = primary_indexers***...
Can I have two apps that have two different indexers and indexes for the SAME...
I have an app with an inputs.conf that has a stanza for [WinEventLog://Microsoft-Security-Logs] to an index and uses _TCP_ROUTING to make sure the events go to the correct indexer. I have a group that...
Is it possible to anonymize/mask the data being sent from AIX servers to the...
We have installed and configured Splunk Universal forwarder 6.6.1 on AIX server. It is working fine and I am able to see the logs in Splunk Enterprise 6.6.1. However the splunk universal forwarder is...