What happens when the forwarder is configured to send data to a non-existent...
Hello, I would like to know what happens when the forwarder is configured to send data to a non-existent index, either with or without Indexer Acknowledgement enabled. All other parameters are set to...
View ArticleWhy is the universal forwarder shutting down?
I am installing a universal forwarder 6.6.2 to Windows servers. On reboot SPLUNKD starts, reports in and then after syncing with the deployment server the service attempts to restart. After 360 seconds...
View ArticleNeed help configuring i/o to capture data from universal forwarders
looking to find a procedure or help to configure i/o so i can capture the same from universal forwarders. currently the iostat source type is not showing any i/o for disk, but it shows only for cpu and...
View ArticleHow to get data in Enterprise from universal forwarder
I installed a Splunk Enterprise 7.0 on a Unix machine and wish to get data from a Windows machine (any data would suffice for now since I'm new to Splunk, trying to grasp the concept of it all) Some...
View ArticleHow do you get data into Splunk Enterprise with a universal forwarder?
I installed a Splunk Enterprise 7.0 on a Unix machine and wish to get data from a Windows machine (any data would suffice for now since I'm new to Splunk, trying to grasp the concept of it all) Some...
View ArticleCustomize Splunk App for *nix
Hi All, Hope you are doing good. We have Splunk app for *nix installed on my Linux application servers and being used to monitor the stats. We have TaniumClient software installed on those servers and...
View ArticleIs it possible to fetch application log at UF directly to my SH
I want to fetch DNS and DHCP logs from my server directly to my local system, where I have my Splunk enterprise, without implementing HF and others. Is it possible to do so? If yes then how? Kindly help!
View ArticleNeed to change lines in custom app
I generated an app today with inputs.conf to push [monitor://] index= sourcetype= recursive=true but when this is pushed it appears like [monitor://]index=sourcetype=recursive=true This is the reason...
View ArticleIs it possible to send application logs at the universal forwarder directly...
I want to fetch DNS and DHCP logs from my server directly to my local system, where I have my Splunk enterprise, without implementing HF and others. Is it possible to do so? If yes then how? Kindly help!
View ArticleSplunk App for Unix and Linux: How can we customize this app to blacklist the...
Hi All, Hope you are doing good. We have Splunk app for *nix installed on my Linux application servers and being used to monitor the stats. We have TaniumClient software installed on those servers and...
View ArticleUniversal Forwarder client showing up in wrong server class
Out of our deployement of about 1,000 UF clients, a handful of systems are reporting data to the wrong indexes -- even though they are clearly configured to point to the correct one. Here's the...
View ArticleSplunk Universal Forwarder missing events
Hi all, Have you ever seen a UF missing events? I’ve observed some of our UF’s missing ~8 seconds of events and then picking up halfway through the event they reach. The gaps are creating some muddy...
View ArticleNeed to change lines in custom app_RESOLVED
I generated an app today with inputs.conf to push [monitor://] index= sourcetype= recursive=true but when this is pushed it appears like [monitor://]index=sourcetype=recursive=true This is the reason...
View ArticleIs there a way that we can install universal forwarders in a bunch of servers...
Is there a way that we can install universal forwarders in a bunch of servers at a time? Thank you
View ArticleCan a single UF forwards data to multiple HF's?
Is it possible to send data from universal forwarder to multiple heavy forwarders? if yes how can specify the HF group.
View ArticleTimeout talking to Deployment Server Windows
I'm seeing this message in the splunkd.log file just before a Universal Forwarder starts a shutdown. 11-25-2017 18:38:11.690 -0800 INFO NetUtils - Connect timeout - waited for 5 seconds....
View Articlehow does UF handle both metrics and event data
I have my UF and indexer set up and what I want to do is sending both metrics and event data from UF to indexer. from my understanding what I could do is set up two stanzas in **inputs.conf** of...
View ArticleUF needs to be restarted every time to get data
We have configured our UFs to send data from a particular folder. But every time the UF need to be stopped and started again after which it starts sending data. I am also surprised why this is the kind...
View ArticleNeed an app to restart Splunk UF service on Windows every 30 min
Hi, I need to deploy an app from deplyment server which will restart the Splunkd UF application installed on Windows server. Can some one please help me with what should I write in the...
View ArticleWhen a universal forwarder is unable to connect to an indexer, will the...
Hi Team, We have an log file in one of the server and which is keep generated in the directory for every 10 mins once as below, 12/13/17 10:10 log1213171010 12/13/17 10:20 log1213171020 12/13/17 10:30...
View Article