How can I forward data in Windows Universal Splunk Forwarder 6.5.0 and a...
Hi, i'm sorry for my poor English, I have a Windows Universal Splunk Forwarder 6.5.0 and a CentOS Splunk Entreprise 6.5.0. I added a new index. I edited and added `index = myindex" to...
View ArticleSplunk Universal forwarder 6.6.4 installation on Tru64 UNIX V5.1B
Hi All, I am trying to install the universal forwarder on a UNIX Tru64 server. I am using the zip version of splunkforwarder-6.6.4-00895e76d346-FreeBSD9-amd64.tgz the universal forwarder. After...
View Articlekubernetes 1.9.4 breaking changes: Universal Forwarder
I've setup splunk universal forwarder as a daemonset on our kubernetes cluster. 2 nodes are running kuberntes 1.9.3 and one is running 1.9.4. On the 1.9.4 node the splunk forwarder pod is unable to...
View ArticleHow to index .EVTX file stored in a different location on a universal forwarder?
HI All, I would like to index .evtx file stored in a different location in my universal forwarder. E:\Logs\Events\Fixed.Evtx What are the approaches we have, to index these files? I read some...
View ArticleHow to repack the installation package MSI for Splunk universal forwarder?
Hey guys Is it possible to rebuild msi installation package for Splunk Forwarder? I want to assemble my installation package (msi) with pre-installed data, such as IP servers, the selected log, the...
View ArticleUniversal Forwarder 6.4.0 to HEC
Unfortunately, I have a few hundred hosts running 6.4 universal forwarder and I cannot upgrade them. I have a subset of hosts that need to send an application log to HEC on customer's splunk deployment...
View ArticleWhat are the house keeping activities we can do in Splunk apart from clearing...
Been trying to create a manual for doing a daily house keeping activities on Splunk and Universal forwarder to make the product work better. Please kindly suggest the same
View ArticleHow can I disable Splunk Universals Forwarder input after installing Splunk...
I currently have a Splunk Universal Forwarder installed on all my servers. It was recommended by Splunk to install the TA_windows plug-in on top of the Universal Forwarder. I built out a deployment...
View ArticleERROR TcpInputProc - Indexer not receiving data from forwarder
Hi all, I am getting these errors in my log files. First is from the spunkd.log from the indexer and second is is from the splunkd.log on the forwarder. I have done multiple searches on Splunk answers,...
View ArticleUnderstanding/Control over the hourly fishbucket snapshots
Hi, A couple days ago I posted a question regarding hourly CPU spikes on UF. It was found that the hourly fishbucket snapshots causes a brief CPU and I/O spike. My new question: In order to reduce the...
View ArticleWhat are the steps to install forwarder on Tru64 UNIX V5.1B server?
Hi All, I am trying to install the universal forwarder on a Tru64 UNIX V5.1B alpha system. Please help me with the steps to achieve the same. Any ideas or suggestions will be much appreciated. Thanks
View ArticleHow to have control over the hourly fishbucket snapshots in order to reduce...
Hi, A couple days ago I posted a question regarding hourly CPU spikes on Universal Forwarder. It was found that the hourly fishbucket snapshots cause a brief CPU and I/O spike. My new question: In...
View ArticleCan SNMP Modular Input be installed in the Universal Forwarder?
Hi, our requirement is to install SNMP Modular Input but we are not sure yet how and where are we required to configure it in Splunk deployment? Please help. Thanks!
View ArticleWhat are the steps to install a universal forwarder on Tru64 UNIX V5.1B server?
Hi All, I am trying to install the universal forwarder on a Tru64 UNIX V5.1B alpha system. Please help me with the steps to achieve the same. Any ideas or suggestions will be much appreciated. Thanks
View Articlesplunk universal forwarder batch input forwarding but not deleting
Hi, we have an indexer cluster, to which we index many many small files. we have about a few hundreds thousand files. we run a universal forwarder on a strong machine(130GB 24CPU) and have a batch...
View ArticleWhy are Windows event logs with MSSQLSERVER$AUDIT as source getting truncated...
Hi, We have an auditing setup which logs in Windows event logs (Forwarded Events) as "MSSQLSERVER$AUDIT" source. they are well displayed in event viewer console, but the log is truncated and message is...
View ArticleHow to configure Splunk Stream on Windows?
Hi! Having some trouble configuring windows to collect data from a Windows forwarder(UF). I have a heavy forwarder configured with token where I also have Splunk_TA_stream installed. On the search head...
View ArticleNew Universal Forwarder read timeout
We are trying to setup the universal forwarder on a Windows AD server. After configuring the index to receive on port 9997 and installing the UF on the server. The Forwarder does not appear under the...
View ArticleWhy can't I download universal forwarder credentials on macOS High Sierra...
When I tried to download the Universal Forwarder Credentials from my trial Splunk Cloud on to my MacBook Pro, I got a prompt stating "This type of file can harm your computer. Do you want to keep...
View ArticleRemove UF from RHEL7
I need to remove UFs from some REHLs. I stopped splunk and disabled boot-start. I installed .rpms but rpm -e is not working. Should I cd /opt and rm -rf splunkforwarder ? Thank you
View Article