How to check how long splunk uf agents are down on particular servers?
Hi, We had list of servers a,b,c,d,e,f. How can we check how long splunk uf agents are down on the servers a,b,c,d,e,f? At present we restarted uf agents. I am looking for a query. Any help would be...
whitelist directories inputs.conf
We've ~1000 directories in path and we want to monitor only a few selected directories. I tried to use the whitelist, voiding multiple monitoring stanzas. But it doesn't seem to work. I have verified...
Universal Forwarder and AppLocker Events XML
Hey Guys trying to troubleshoot an issue here. Trying to get the XML events from the UF on Windows machines into splunk. The normal [WinEventLog://Microsoft-Windows-AppLocker/EXE and DLL] seems to work,...
When is it necessary to upgrade universal forwarders?
We are planning to upgrade our splunk instances and we are wondering if it's necessary for the forwarders as well? if not, then when? both are running in Splunk 7.0 and environment is distributed,...
What happens when the UF service is stopped?
I have UFs deployed to many systems monitoring Windows event logs. I need to stop the SplunkForwarder service on some of these systems for about a day to do some testing. Will the UF pick back up from...
please help me : How CAN I configure splunk enterprise so it could see the...
hey please help!! I did all the steps of universal forwarder configuration but I still can't forward data into splunk enterprise How CAN I configure splunk enterprise so it could see the forwarder ??...
Does splunk offer a Universal Forwarder to compatible with HP Nonstop OSS...
Hi, We have couple of servers from HP NonStop OSS environment which is not 100% Unix. Instead, OSS is “Unix-like” where most Unix commands will work in OSS. I have got a requirement to forward the HP...
How does _TCP_ROUTING work in inputs.conf?
We soon will be required to send our Windows Event Security logs to a separate Splunk server owned by our organization's Security group. To test this, I installed a test Splunk server (testsplunk in...
Does splunk offer a Universal Forwarder compatible with HP Nonstop OSS...
Hi, We have a couple of servers from HP NonStop OSS environment which is not 100% Unix. Instead, OSS is “Unix-like” where most Unix commands will work in OSS. I have got a requirement to forward the HP...
What ports are used as source ports for Splunk Universal forwarder agent?
Let’s say we have Splunk Universal Forwarder agents installed on windows servers. Is it known what ports are being used by windows servers to send data FROM (not sent TO) to splunk deployment server?...
help please : inputs problem
hi I have configured my universal forwarder and splunk so I can find my machine in the host list of splunk .. but I think I have a problem in the inputs.conf because I can't find the sourcetype and...
inputs.conf help
hi in the inputs.conf I wrote [monitor://C:\var\log*.log] disabled = 0 sourcetype= log index=me but when I type the command splunk list inputstatus I find C:\var\log*.log type is missing what should I...
Installing UF on AIX HACMP cluster.
Hi, We are installing universal forwarder on the AIX HACMP cluster which has two nodes. We wanted to understand what is the best practice and how can we install the UF, should we install on both the...
How many pipelines should I use on a forwarder?
I'm trying to figure out how many pipelines to set on my forwarders to maximize the following: - Throughput - Data distribution to my indexers - Resource utilization What are the things I need to be...
Powershell script not running on schedule
I'm running 2 powershell scripts on a Universal Forwarder version 7.0.1 to get all the users and systems from the AD, I want them to run everyday at 12 am. I have the powershell add-on on the...
How to Blacklist on a Universal Forwarder with a TCP input?
I have a UF running on a linux device, with a TCP input. The input is coming from a Graylog forwarder and all the windows events coming with a 'winlogbeat_ preface. I want to black list windows events...
Universal forwarder - multiple inputs.conf stanzas on the same folder
Hi I'm attempting to configure my universal forwarder to read log files from a single directory with multiple subdirectories. We use log rotate so the files will be renamed with (1) up to (4) before...
Why does Splunk Universal Forwarder skip data in rolling log when Splunk...
The Splunk Universal Forwarder 6.5.1 seems to skip the data added to the log file, once the splunk service was not running. **Problem**: Forwarder is configured to forward and index the logs of some...
Splunk Free Edition stopped indexing after set-up
I've tried browsing around previous topics but couldn't find anything that worked for my particular situation. I have a very simple test setup with a Universal Forwarder, a Debian 9 machine running the...
Universal Forwarder: Why does the following error appear when I launch a...
Hello, I have faced this error when launching a batch file with Splunk: ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\etc\apps\SQLFailed_logon\bin\script\LogCheck.bat""...