How do I find where each host is indexing data
The reason for this is that someone made a mix-up on the UF and then some hosts are indexing to the wrong index. Is there an easy way to find the index to which each host is indexing different data?
Active Directory Monitoring with Universal forwarder
We want to monitor Active Directory changes and security events. We are planning to deploy the Universal forwarder to each domain controller. I am confused by documentation. What is needed/best practice...
Why can't the Splunk server index or show events forwarded by windows host...
I have installed universal forwarder on my windows host and the forwarder does forward the events to the Splunk server on port 997. As you can see in the wireshark picture the Splunk server...
How can I forward data from UniversalForwarder for 2 instances?
I have universal forwarder with Splunk_TA_Stream and my app _server_app_audit where in inputs.conf I write `_TCP_Routing = mygroup1` or 2 at each app. After that, I write into outputs.conf...
How to monitor Active Directory changes and security events with Universal...
We want to monitor Active Directory changes and security events. We are planning to deploy the Universal forwarder to each domain controller. I am confused by the documentation. What is needed/best...
How to monitor log files from /tmp/folder_name with a Universal Forwarder?
I want to monitor log files and some custom files from /tmp/log_folder on a linux server. On the Linux box, the desired logs are scripted to /tmp/log_folder/ and this folder will be monitored by the...
Why is the Splunk Universal Forwarder sending data to wrong index and, isn't...
Hello everyone, I have a lab in a Ubuntu VM. In this lab, I have the UF and the Splunk E. The forwarder monitors a folder that has a Catalina.out.bk file. The data arrives at Splunk E but it arrives at...
Can we delete Disk_objects.log file in Splunk Universal Forwarder?
We have only 2 GB of minimum disk space allocated for Splunk universal forwarder and my environment team has asked to reduce the size consumed. I cleared splunk internal logs and also changes...
Universal forwarder not forwarding to other linux/windows
I have installed UF in one linux and splunk instance in another linux/windows. While trying to configure, UF is not forwarding data to linux/windows splunk, ping is working fine. Could you please help...
Syntax error on splunk outputs.conf
Hello All, I am a newbie to distributed deployment. I was trying to specify the outputs.conf on the deployment server and the files get pushed on to the client. But there seems to be a syntax error on...
Clear index on all indexers and re-sending all events from universal forwarders
Hello. What is the recommended way to clear an index present on all our indexers and then make all the universal forwarders re-send all the events on respective Windows server?
Why am I not able to get data to Splunk Enterprise from another VM?
I've installed Splunk Enterprise on one VM and installed Universal Forwarder on another VM and I followed all the setup and all ports are opened but not able to get data onto Splunk Enterprise. I...
How can I configure dynamic sourcetype assignment on a Universal Forwarder...
I have a folder which has multiple log files in format CalculationMgr-xxx(xx).log and EventMgr-xxx(xx).log where xx is a numeric value. I tried configuring 2 separate monitor stanza on UF to monitor...
Deployed app on Universal Forwarder being created with 700 permissions (Linux...
Created an app on the deployment server which is used to tell the Universal Forwarder which directories and logs to monitor. There is no issue with this aspect, the logs are being monitored as...
How can I get syslog from F5 BIGIP with Universal Forwarder
hi all, we our splunk enterprise with this configuration: 1 universal forwarder 2 indexers in cluster 1 search head 1 SIEM how can i send traffic to our splunk based on syslog ? ""when we define input...
How to forward data from universal forwarder to Splunk light?
I have installed a universal forwarder on linux server and I have Splunk light cloud instance. I am able to find the forwarder in forwarder management but not in forwarder monitoring screen. I am also...
How can I pull in resource data stats from remote machines into a single...
Hi, I am trying to use one instance of Splunk Enterprise (Web) as a central place to be able to pull in resource usage data statistics for other servers/computers (CPU, Memory, HD, etc). I have set up...
How to add data from universal forwarder into splunk.
I have attached screenshots of my search screen and universal forwarder monitoring screen. I can find them in the forwarder monitoring screen but not in the search screen. I followed the steps from...
Why is the UF version on forwarder different than what the indexer is seeing?
I recently upgraded all of my Universal Forwarders (UF) to 7.0.3 from various version levels (some 6.3.3, some were 7.x). On one of the forwarders (AIX) when I run the command; `./splunk version` I...
Splunk Forwarder Universal issue
Hi, I try to deploy a new forwarder since I've updated my indexer to 7.0.3. I got some problems and I found my answers on this forum. But I haven't been able to solve, below the error message in the...