Is there an app that can restart the Splunk universal forwarder service on...
Hi, I need to deploy an app from deployment server which will restart the Splunkd UF application installed on Windows server. Can someone please help me with what should I write in the...
Few forwarders not sending data
Hey everyone, I have installed UF agents on 180 servers and I have seen the data coming to Splunk yesterday. But now I have noticed three of them are not sending data, I mean I am seeing 177 hosts in...
UF compatibility for Knoppix and Fedora
Could you suggest the compatible UF package for the Operating system Knoppix and Fedora? I have checked on this link, but the mentioned OS flavors are not listed there....
How do you run script WinNetMon on universal forwarder?
I want to run WinNetMon on UF and I put to SplunkUniverstalForwarder\etc\system\local\inputs.conf
Uninstall universal forwarder error: "Splunk Installer was unable to enable...
I am trying to uninstall Universal Forwarder 6.1.3 and it gives me an error "Splunk Installer was unable to enable event log monitoring. Splunk exitcode='1'". Does anyone know how to fix this so I can...
Is it possible to get Cisco eStreamer data processed by the Splunk universal...
Hi, Is it possible to get Cisco eStreamer data processed by the Splunk Universal forwarder? Is there any step-by-step guide? Many thanks
Universal Forwarder Not sending my windows events log
Well! I have configured my Splunk server to accept logs on 9997 from remote. And I have configured my universal forwarder to forward logs to my Splunk server to 9997 port. My output.conf file is as:...
Unable to read large input file from Universal Forwarder
We have a Linux server which is receiving our syslog traffic and on that machine we have a universal forwarder running on it to read all of the syslog files to send them off to our Splunk indexers. The...
Can a universal forwarder be restarted via REST API?
Can UF be restarted via REST API? What other things can be done to UF via REST API?
Universal forwarder is listening to the wrong port for the splunkd process
We are rolling out the UF to our Windows servers, no apps yet, just the UF. The deploymentclient.conf only has the deployment server: targetUri = xxx.xxx.xxx.xxx:8089. This is causing some issues with...
Universal Forwarder doesn't write events to persistent queue with graceful...
I'm using distributed Universal Forwarders in remote location in order to collect events from remote sites. To prevent data loss I configured persistent queue on disk for specific inputs. input.conf...
How to configure inputs.conf to send data from 1 directory to 2 different...
We have a scenario where we need to forward data from 1 directory to 2 different indexer clusters. While this is achievable through TCP Routing in inputs.conf, I believe the solution will only work if...
Universal Forwarder resending event log data
If the IP address for a host changes or if it gets a new GUID, would the forwarder resend the entire Windows event log?
Why does UF think my file is binary?
In my environment, UF monitors the file and forwards it to Splunk. It was able to capture the file without problems before. Due to the version upgrade of software that outputs log that was being...
When installing UF, should THP be invalidated or not?
It is related to the following answers, but is it recommended to invalidate THP after all? https://answers.splunk.com/answers/523835/turn-thp-off-on-universal-forwarder.html If it does not seem to...
Unable to add more sources to Universal Forwarder
Hi, I'm pretty new in the Splunk field. I've installed a little environment of Splunk on virtual machine and Universal Forwarder on my own machine (both are Windows). When I'm trying to add more...
About the log forwarding destination of the Universal Forwarder
Syslog server (+Universal Forwarder) → Splunk server. As shown in the diagram above, I have installed a forwarder on the Syslog server and confirmed that logs are being ingested into the Splunk server correctly, but where on the Splunk server are the logs sent by the forwarder stored? Added Translation: Syslog server (+...
Manipulating data before indexing
I have multiple forwarders (heavy and universal) and I want to manipulate the data they send to my indexers. For each event I want to add a field, whose value is based on the event content and...
Universal Forwarder - Linux server - multiple processes running
Hi there, maybe a simple question for the pros. I have installed the UF on different Linux servers to get logs and events. I noticed on these servers that Splunk is running with 40 processes (splunkd -p...
Universal Forwarder - Configured but inactive forwarders.
I have a fresh install of `7.0.x` in our QA environment to test with. I have an indexer/search head/deployment server running on a RHEL7 box. I have one Universal Forwarder on a Windows Server 2012 R2...