Setting up a UF in the Linux source server using CLI commands (receiving...
Hi Team, I've set up the Universal Forwarder (UF) forwarder in the Linux source server using CLI commands and also enabled the receiving in the Splunk server, but I still don't see any logs in the...
I want to get data from my Microsoft IIS server, how to get it?
I have Splunk Enterprise and I want to get system performance, server performance, log, audit, and status, disk usage etc. of IIS server which is deployed on AWS. Now I have Splunk addon and app both...
UF - Win event blacklisting
Hi, For a while, I try to find the problem (here and testing), but nothing yet. I want to filter out some login and logout events with blacklisting. Input stanza looks like this:...
Do TRANSFORMS in a source stanza and a sourcetype stanza both apply?
I am thinking of merging a variety of sources being monitored by a Universal Forwarder into a single `sourcetype` for indexing (and later searching) purposes. The sources each have specific...
Where do I find registry for Splunk in Windows?
Actually we are not able to install universal forwarder on 1 Azure instance, it is getting stuck in between, do we have any way to get rid of this issue? We deleted registry but no luck
How do I mass-deploy Universal forwarder to many Linux machines?
I am trying to deploy the Universal forwarders to a large Linux environment. Installing it manually is time consuming, are there any scripts to mass-deploy the agent?
Collect outdated packages (apt list --upgradable) through UF
Hey guys, you know how you can run $ apt list --upgradable and get a list of all the packages that have a pending update? I want to get that info from all my Linux hosts in Splunk, so I can see: "this...
Guide for creating Add-ons to deploy to (Universal)Forwarders?
Our department needs to collect the serial numbers of all physical drives connected to all machines within our network. Since there are over 1000 hosts, we would like to be able to collect this...
Regex in Whitelist, in inputs.conf regex help
I'm trying to monitor log files within my application for the error & fatal logs, which can look like web-error.log web-error.log2018-02-01 web-error.log2018-02-02 web-error.log2018-02-02 There's...
One input stopped indexing exactly at midnight when starting a new month
We saw that one input has stopped indexing exactly at midnight when starting a new month. So we have the correct data until 28/02/2018 23:59:59 and after midnight no data is visible anymore. The...
Restart Universal Forwarder from Deploy Server
Hi, I need to restart many servers (Universal Forwarders) Unix from a Deploy Server. Is there any way to do it? Thanks!
How to restart Universal Forwarder from a Deploy Server?
Hi, I need to restart many servers (Universal Forwarders) Unix from a Deploy Server. Is there any way to do it? Thanks!
There isn't message of "linux transparent hugepage support" in splunkd.log of...
I think that the message below doesn't appear in splunkd.log in UF lately. INFO ulimit - Linux transparent hugepage support, enabled="never" defrag="never" I can find it in Splunk, but I can't in UF. Is...
Universal Forwarder - Active Directory - I don't want to set up the forwarder each...
Hi, I have 32 stations connected to Active Directory. What is the best way to spread Universal Forwarder to all stations? ** I don't want to set up the forwarder on each station
How to select only "Security logs" from Windows?
Hello, I installed a Universal Forwarder (UF) in a Windows server box, I didn't select the customize options, I only did next and only specified my deployer, now after I am done, I would like to tell...
TcpOutputProc SSL Error with SSL_read = 104 in Universal Forwarder
We found the following message in splunkd.log in Universal Forwarder 7.0.2. The UF forwards logs to Splunk Cloud. It occurs infrequently, but some log files were not indexed while UF outputs this error...
Why am I unable to boot-start Splunk universal forwarder as non-root user on...
Hi there, I'm new to Splunk and am testing out installing Splunk forwarder on some Mac clients running High Sierra following the documentation for installing and running Splunk as a non-root user here:...
Can I use Splunk universal forwarder with free Splunk Enterprise?
Hello guys, I'm a noob so xD sorry! Can I use Splunk universal forwarder with free Splunk Enterprise? If yes, where can I get the Host URL to connect Splunk Enterprise on my PC with universal forwarder on...
Is it possible to create a deployment package of universal forwarder with...
Hello, Is it possible to create a package of Splunk universal forwarder with the complete configuration so that I can deploy through SCCM since I have more than 150 Windows servers?
Why are the Universal Forwarders CPU spiking every hour?
Hi, I have over 150+ UF and they all behave the same. splunkd CPU usage is about 5% but every hour it spikes, up to 50-60%. This has been going on for many months. I have AIX and Linux UF and they all...