How to install the decompressed .gz file on AIX for a Splunk universal...
Well, this is technically a Unix question, but I still asked it here since it involves Splunk. I already installed a forwarder on Linux and didn't have a problem with tar files, but I am having a...
After setting up a universal forwarder and receiver on Windows, why am I...
I've set up a universal forwarder on a remote webserver using local system account (Win2008R2 64bit). I have enabled receiving on the receiver which is using a domain account (Win7 Pro 64bit). It asked...
How do I delete old data for old data inputs, and why is our receiver not...
I created some remote data inputs which worked well. The documentation recommended using a universal forwarder for better performance. I deleted the old data inputs ok, but the data remains. How do I...
How do I edit my universal forwarder configuration to collect Kaspersky data...
Hey all, I have a problem indexing Kaspersky logs. My previous steps: - Installed UniversalForwarder at the server where Kaspersky Security Center runs. - Edited the inputs.conf file on the server with...
Upgrading Splunk on Windows 2008 R2, how can I uninstall the universal...
Hi, I am trying to upgrade the Splunk version on Windows 2008 R2. Can you suggest any way to uninstall the Splunk universal forwarder, as it is not showing the universal forwarder in Control Panel? I have tried...
How do I monitor the health and state of universal forwarders in my environment?
Hello! I have a set of universal forwarders that keep shutting down on their own. We have a case open with support, but this brings up an important question. How do I monitor the health and availability...
How to get application event logs from each Windows machine with a universal...
Hi! I have the Splunk Universal Forwarder installed on multiple Windows machines and connected to Splunk Enterprise configured both as receiver and deployment server. I'd like to get the Application...
How do I configure a Windows universal forwarder to send data to a receiver?
I have 2 universal forwarders pointing to 1 receiver. All are Windows 64. I confirm that they are both "seen" by using the dashboard "Forwarders: Deployment" in Splunk Web on the receiver. I don't know...
After adding third-party certificates to our Deployment Server and Clients,...
I have just added third-party certs to our Deployment Server/Deployment Clients. Also, since we do not deploy apps that often, our phoneHomeIntervalInSecs is set to 300. Things appear to be talking ok,...
How to troubleshoot why my Windows universal forwarders are not recognizing...
Hi, I have complex events in files forwarded from Windows hosts with Universal Forwarders. These files are zip-compressed, and have "_TRA_" in filename. They look similar to this:...
What is the best way to collect all DNS queries by client and Responses sent...
We have Universal Forwarder installed on an MS Windows 2012 DNS server. What is the best way to collect all the DNS queries by client and the responses sent back by the DNS server?
Why does the AD Health PowerShell Script for Active Directory run 4 times and...
AD Health PowerShell Script for Active Directory runs 4 times and then stops running. I have to recycle Universal Forwarder to get it working again. Each time I recycle universal forwarder, it will run...
How to troubleshoot why indexing of Windows event logs has stopped?
Hello, I have a universal forwarder installed on our domain controllers to forward Windows event logs. In recent days, I do not see any events being indexed. I have verified that logs are still...
Splunk Add-on for Symantec Endpoint Protection: How to troubleshoot why my...
I installed the universal forwarder on one of my servers (Symantec Endpoint Protection Management Server). I copied in the appropriate TA folder to the apps folder. In there, I copied over the...
How to configure directory and file monitoring on a universal forwarder?
Hi, I've got a universal forwarder and I'm trying to monitor `C:\Windows\System32\winevt\Logs`. I've tried 2 solutions: CLI and Inputs.conf. CLI: `Splunk add monitor C:\Windows\System32\winevt\Logs`...
Why is the last syslog event coming in from a universal forwarder not getting...
Hi, We have a scenario where the Splunk is not indexing the last event received via syslog. The search results are always n-1 where if I have to get the last event, I need to generate one more event....
Is multitiered load balancing supported in Splunk 6.3.1? (Universal...
Hi, After going through the 6.3.1 documentation, it is still not clear to me whether multitiered load balancing is fully supported in Splunk. I don't see why not, but I just want to double check with...
ERROR TcpOutputProc - LightWeightForwarder/UniversalForwarder not configured....
Team, In one of the Unix servers where SplunkForwarder is running, I have the below log in the splunkd.log file. Our web service is down due to this and Splunk is not working. Please see the log below...
Why is my blacklist configuration under WinEventLog not working?
I have the following stanza in the universal forwarder Splunk 6.3: [WinEventLog://Security] disabled = 0 blacklist1=EventCode="4656" blacklist2=EventCode="5156" blacklist3=EventCode="4658"...
Does the Tripwire Enterprise App for Splunk Enterprise require the use of the...
Does this app require the use of the heavy forwarder or will the universal forwarder work?