Will universal forwarder installs only work on specific OS versions?
I was told that it didn't matter what version of the Universal forwarder I installed on my servers. Does it matter that much? If I have Server 2003, 2008 or 2012, can they all use the same version of...
View ArticleWhy does uninstalling a deployment app from a server class uninstall the app...
I was doing some testing where I setup a UF on a test machine. I created a test endpoint server class and added my test host to it. Then I deployed some existing apps (via the deployment server) to...
View ArticleBug Alert ***Why does uninstalling a deployment app from a server class...
I was doing some testing where I setup a UF on a test machine. I created a test endpoint server class and added my test host to it. Then I deployed some existing apps (via the deployment server) to...
View ArticleIs there any advantage to sending data from UFs to an intermediate HF instead...
Is there any advantage to sending data from UFs to an intermediate HF instead of directly to indexers? I recall reading that by relaying data UF > HF > indexer, there are certain advantages (e.g....
View ArticleIs there any advantage to sending data from universal forwarder to an...
Is there any advantage to sending data from UFs to an intermediate HF instead of directly to indexers? I recall reading that by relaying data UF > HF > indexer, there are certain advantages (e.g....
View ArticleDo TLS/SSL and CipherSuite configs on the Indexer force autonegotiation with...
If a Splunk forwarder is configured with the default TLS/SSL settings in the various .conf files as below, and the indexer/intermediate-forwarder is configured with the various .conf files as below,...
View ArticleInput & Outputs file conf for SSL encryption
Hi, Can someone share with me the recent inputs & outputs conf file for SSL encryption? I am having some trouble for securing the connection between forwarder and indexer.
View Articledeploy server.conf via deployment server and point individual ssl certs
hi all I am a splunk noob. I have created individual server.pem files that are sha256 compliant from my windows ca my deployment server and clients are mostly windows the clients ( servers with...
View Articleinputs.conf and outputs.conf for SSL encryption
Hi, Can someone share with me the recent inputs & outputs conf file for SSL encryption? I am having some trouble for securing the connection between forwarder and indexer.
View Article6.6.2 universal forwarder on Windows - Splunk/Windows compatibility?
I am trying to install the universal forwarder on a windows 2008 R1 server. since there is potentially other splunkd services running I have to use a scripted process that unzips a pre-installed copy...
View ArticleUniversal forwarder Windows installation (x86 and x64) fails when being...
Testing this out on two separate machines in our environment as we need to get Splunk up and running on all server by this Friday. The installations process just fine when done manually, and uninstall...
View ArticleWARN message when configuring universal forwarder to send data to Splunk...
I already configured my Splunk universal forwarder to send data to my Splunk cloud trial and I am getting this error. 10-24-2017 21:22:27.533 -0500 WARN TcpOutputProc - Tcpout Processor: The TCP output...
View ArticleSplunk universal forwarder upgrade from 4.3.x to 7.0
HI, I'm looking for information about updating UFs from version 4.3.x to 7.0. I checked Splunk docs (Forwarder Manual), but there are no version dependency requirements for the upgrade. So the...
View ArticleSplunk Universal Forwarder reqruirements on Windows 8 r1 x86
I am trying to install the 6.6.2 version of the universal forwarder and I am getting an error indicating that the minimum requirements have not been met to install. What are the minimum requirements (...
View ArticleJSON parsing error in the universal forwarder
Hi, I'm getting errors with parsing of json files in the universal forwarder. I'm generating json outputs - a new file is generated every time a run a routine. Output has the below: [ {...
View ArticleQuestions about various steps for network device integration with Splunk
Hello Splunk Experts, I'm working on networking device integration with Splunk. I'm considering using OneBox universal forwarder to receive the application deployment from Splunk server. Here are the...
View ArticleIs it possible to combine these two search results to create 1 alert?
I have two very different search queries that I am having a hard time combining into one search. Search 1 yields results if the indexer hasn't received any data from the server's universal forwarder in...
View ArticleUniversal Forwarder Disk Usage
HI Fellow Splunkers, Need some help out here. What would be the minimum Disk Space required when installing a Universal Forwarder? or is there an ideal disk space for a universal forwarder? Just wanted...
View ArticleUniversal forwarder deprecated for Windows 2008 on Splunk 7.0.0?
we are in the process of rolling SPLUNK to production very soon and we going with SPLUNK Enterprise 6.6.3 as we stood up some of the infrastructure before 7.0 release. Looking at the deprecated...
View ArticleHow to skip header in CSV files before indexing?
My input files are in the following format (CSV): Icon Statistics Time;26.10.2017 00:00 - 27.10.2017 04:40 Service;Servicename Statistic;Report_servicename...
View Article