Windows Universal forwarder shows 2 host names for the same server
Hello, We have a single instance Splunk deployment. I have installed Universal Forwarder on a Win 2012 R2 Active Directory DC. Upon checking / searching for the events in Splunk Search UI, I noticed...
How to add a data input in Server GUI that modifies the inputs.conf file in...
Hi: I'm using Splunk in a Mac OS X system. I've installed Universal Forwarders in several Windows Machines. I've used the installer's GUI for the forwarders, customised the options to monitor a folder...
Upgrading Splunk Universal Forwarder from 6.4.3 to 7.2.1
Hi. We are running Splunk Enterprise 6.4.3, and our Universal Forwarders are running the same version. We'll be upgrading to Splunk Enterprise to 7.2.1, which I understand involves a hop to 6.5, then...
How to blacklist events for a specific event code and task category?
Trying to blacklist specific Windows event logs based on event code and task category, but doesn't work. [WinEventLog://Security] disabled = 0 start_from = oldest current_only = 0 checkpointInterval =...
Why am I not seeing custom logs using the universal forwarder?
I am using the UF to try and collect logs from a custom windows application. Below is my inputs.conf stanza. How I am not seeing the logs. How can I see if they are getting collected and how can see if...
Can you simply delete the 6.4.3 forwarder and install the 7.2.1 forwarder?
Hi. We are running Splunk Enterprise 6.4.3, and our Universal Forwarders are running the same version. We'll be upgrading to Splunk Enterprise to 7.2.1, which I understand involves a hop to 6.5, then...
Renaming index for data coming from universal forwarder
We have data coming from lots of universal forwarders and it has various sources and sourcetypes and sending data only to a single index. We don't have access to inputs.conf. How can we redirect the...
What is the job of the universal forwarder in Splunk App for Windows...
Hi All, As a newbie I have a question regarding App for Windows Infrastructure. We have a single instance of Splunk Enterprise on Linux. I have gone thru other threads on this subject before asking...
Why does clustering always appear as a repeat phenomenon without a reason?
Hello, I have a strange question. This question is described as a bit rough. I have a single site cluster that contains 5 indexers, 4 search heads, a deployer, a cluster master, some deployment servers,...
Powershell script not running on schedule
I'm running 2 powershell scripts on a Universal Forwarder version 7.0.1 to get all the users and systems from the AD. I want them to run everyday at 12 am. I have the powershell add-on on the...
Get lost data into UF from the last disabled/turned off time automatically
Hi, I have a new scenario. I installed Universal Forwarder in a server where I get other server_logs in a folder. Whenever I turned off my server, the UF is also getting turned off. After restarting my...
splunk universal forwarder to splunk enterprise with configured HEC (all on...
Hello, I have spent a couple of days to reach some proper logging to HEC on my enterprise Splunk but can't handle it. I have configured also Splunk App for Infrastructure and I have added the host to be...
Splunk App for Infrastructure - forwarder issue
Hi, I've installed Splunk App for Infrastructure on my local PC with Windows 10 and want to collect local metrics and logs in this app. When I configure my local PC as entity I get to a point where a...
splunk-regmon causes error when UF with non-privileged user
Hi all, I'm currently doing some tests with UF on Windows 10 hosts. Unfortunately I'm getting an error I was not able to get rid of yet. When running UF as a user account that is part of the...
How to get lost data into UF from the last disabled/turned off time...
Hi, I have a new scenario. I installed Universal Forwarder in a server where I get other server_logs in a folder. Whenever I turned off my server, the UF is also getting turned off. After restarting my...
In RSYSLOG configuration, how to get the UF to send the other log information...
I am trying to see where I have gone wrong with my RSYSLOG configuration and forwarding information for SPLUNK. In our environment we are using SNARE on our end points which is sending the data to a...
Is there a way to delete old log file in UF before start re-ingestion?
Hi, This is the same scenario as my last question. I am getting data from a server where I have installed my UF. Every night at 12 AM log file will generate with the date as mylog_yesterday_date.log....
6.1.4 UF to 7.1.2 indexer without SSL
We are upgrading our Splunk Indexer from 6.4.3 to 7.1.2 (via 6.5). Our forwarders are running a mixture of 6.2.4 and 6.4.3 and are NOT using SSL. Then I noticed this compatibility matrix for the UFs:...
Do we have to enable/configure SSL on our 6.4.3 UFs before we upgrade to 7.1.2?
We are upgrading our Splunk Indexer from 6.4.3 to 7.1.2 (via 6.5). Our forwarders are running a mixture of 6.2.4 and 6.4.3 and are NOT using SSL. Then I noticed this compatibility matrix for the UFs:...
How to check long splunk uf agents are down on particular servers?
Hi, We had a list of servers a,b,c,d,e,f. How can we check how long splunk uf agents are down on the servers a,b,c,d,e,f? At present we restarted uf agents. I am looking for a query. Any help would be...