Why am I receiving an error when deploying a new Splunk forwarder?
Hi, I try to deploy a new forwarder since i've updated my indexer to 7.0.3. I got some problems and i found my answers on this forum. But I haven't been able to solve, below the error message in the...
View ArticleWhat is the windows universal forwarder product Id?
Any one know the product id for UF 7.0.1 ? i have this for 665 Package Splunk665 { # Ensure = Present Path = "C:\Software\splunkforwarder-6.6.5-b119a2a8b0ad-x64-release.msi" Name = "UniversalForwarder"...
View ArticleWhy is the Windows universal forwarder not showing in forwarder management?
I am trying to create a new universal package for our windows servers. The log data from our test server is showing up in Splunk the way it should; however, I don't see the server name in Forwarder...
View ArticleHow to switch between Splunk Universal Fowarders?
Hi, We have a production environment and disaster recovery environment, Splunk universal forwarder is installed on both environments. When production system goes down the UF on production system has to...
View ArticleWindows Universal Forwarder Hide Domain Password
Hello I need to deploy Windows Universal Forwarders with Domain Account and I am wondering where if: - There is any way to not have LOGON_PASSWORD explicit in clear text? - Is the Domain password...
View ArticleOptions on installing universal forwarders on "Windows Machines"
Hello All, Im a bit confused with the installation of a UF on the windows machine. According to the documents, there are 2 methods to install splunk UF. One with the local account and one with the...
View ArticleHow to import this kind of CSV data?
I've a CSV file like the one reported below, and on my UF I've added the following props but on the search heads the events are not parsed. props.conf [sourcetype]...
View ArticleHow do I configure a UF on Linux to receive and forward windows events?
I need to configure a Linux based UF to receive Windows events and then forwarder those to the indexers. I am guessing that there is a inputs.conf and outputs.conf needing to be configured. Just not...
View ArticleFind source types from UF to HF...
Hi all...one of my Heavy Forwarders is relaying much data, we are using it for an intermediate forwarding tier to Splunk Cloud. Many UFs are sending to this HF. I need to run a search to find what...
View ArticleHow to selectively forward the log files to specific indexes in Splunk?
Is it possible to selectively forward the log files to specific indexes in Splunk. I want to forward a docker container running 3 services logs to Splunk indexer, the problem is that if I use Docker...
View ArticleWhy is Docker Splunk UF sending logs with 2 different hostnames?
Docker-compose splunkuf: image: splunk/universalforwarder:7.0.2 network_mode: host environment: SPLUNK_START_ARGS: --accept-license --answer-yes SPLUNK_USER: root SPLUNK_CMD: install app...
View ArticleUniversal Forwarder
Before I start this is a serious case of blind leading the blind. Currently we have a VMware running Windows Server 2016 hosting Splunk Enterprise, to date we have managed to get the forwarder...
View ArticleIs there any way to disable the Splunk Universal Forwarder to generate the...
Hi, I have installed the Splunk universal forwarder to store logs from my IIS WebServer in Splunk. The SplunkUniversalForwarder have executed some days with success, but after that, it begins to crash...
View ArticleCan someone help me understand how my current outputs.conf settings work?
A splunk engineer told us to deploy an app with the deployment server (to universal forwarders) that contained the outputs.conf file. the problem is that even with this app deployed running btool still...
View ArticleRotated log file to another directory causes duplication
**Test inputs.conf** [monitor:///var/log/application/active/*.log] disabled=0 sourcetype=application index=application [monitor:///var/log/application/rotated/*.log] disabled=0 sourcetype=application...
View ArticleUniversal Forwarder on Chromebooks?
Hi all, long time lurker here! Has anyone had any luck installing a universal forwarder on a Chromebook? My company will most likely be purchasing some of these, and I'd like to be able to monitor them...
View ArticleHow to filter logs from the source with a universal forwarder?
Hi, I have UFs on a few ec2 aws instances, reading logs from /temp. I want to regex and only send logs containing ERROR and WARN on to the HF and then on to the indexers. I want to the filter to occur...
View ArticleUniversal forwarder (Windows) does not send logs even though "active"
Hi Folks, I am testing log forwarding using universal forwarder from Windows to Splunk but can't seem to receive any logs. My test environment has Splunk Enterprise OVA (standalone) as server and...
View ArticleSplunk Docker Logging driver vs Universal Forwarder
What is the best option between Splunk logging driver for Docker or Universal forwarder running on the host or inside container for sendings logs to an indexer server. What are the limitations of...
View ArticleAfter installing a new UF, why is it not forwarding logs to the Indexers?
05-10-2018 15:13:13.954 +0000 ERROR TcpOutputProc - Error initializing SSL context - invalid sslCertPath for server 45.125.XXX.X:9997 05-10-2018 15:13:13.959 +0000 ERROR SSLCommon - Can't read key file...
View Article