Why is memory spiking on our Universal Forwarder on a Domain Controller?
One of our administrators noticed that memory is spiking on the domain controllers and seems to have pinpointed it to the Splunk Universal Forwarders installed on them. PowerShell is being run and it...
How do I monitor input on Windows machine with a wild card character?
I want to monitor a log file from the below location on a Windows server. D:\Program Files\Apache Software Foundation\Tomcat 8.5\webapps\config\ However, based on the version of Tomcat, the folder name...
Why is my JSON format log getting truncated to 26 lines?
I have a log file which has JSON format lines in the middle. The log looks fine but the JSON lines are getting truncated to 26 lines out of around 200 lines. Is there a way I can extract the full log...
Upgrade Splunk Universal Forwarder from 6.2 to 7.2
Hello, is it possible to upgrade the Universal Forwarder in one step from 6.2 to 7.1 or is an intermediate step (upgrade to 6.5) required? Splunk Enterprise: 7.0.1 Yes or No (with workaround) should be...
How do you generate self-signed certificate for a Windows universal forwarder?
We have a requirement to enable TLS on traffic from a universal forwarder (UF) to a heavy forwarder. We will be using self-signed certificates for this. From the following Splunk documentation, we...
How do we load a Splunk universal forwarder (UF) on a Citrix nonpersistent...
We have a farm of Citrix servers that are built from a Gold image. The systems act as desktops for users. Each night the system is rebooted and it comes up like the day the Gold image was built. All of...
In Splunk Enterprise, is it possible to upgrade Splunk universal forwarder...
Hello, is it possible to upgrade the universal forwarder in one step from 6.2 to 7.1 or is an intermediate step (upgrade to 6.5) required? Splunk Enterprise: 7.0.1 Yes or No (with workaround) should be...
Why aren't my command line flags working when installing a UF via Power...
Hi, I'm testing an install of Splunk UF on a Windows server using the PowerShell command line. The server is supposed to be used as a golden image for provisioning, so I have to prepare the UF for...
Why aren't my command line flags working when installing a Universal...
Hi, I'm testing an install of a Splunk UF on a Windows server using the PowerShell command line. The server is supposed to be used as a golden image for provisioning, so I have to prepare the UF for...
Why am I unable to connect to Splunk cloud from universal forwarder?
I have installed the universal forwarder according to http://docs.splunk.com/Documentation/SplunkCloud/7.0.5/User/ForwardDataToSplunkCloudFromLinux But in Step 5, I am not able to find my host on Splunk...
Questions about onboarding logs
I have a server which stores some logs. Every day new logs are added. So what I want is, every week, on a particular day (say Friday @ 12 AM), a script will be triggered which will forward these logs...
Can you help me with a problem I'm having extracting a field that is coming...
I am having some trouble with field extractions coming from a Windows host via a universal forwarder (UF). The log data is being read from a file by the UF. I am hoping someone can offer some insights....
Filtering data with transform.conf
I am using Universal Forwarders installed on my domain controllers, and I am successfully filtering specific events (props.conf and transform.conf are shown below). This is working as we want it to...
How do I filter data with transform.conf?
I am using universal forwarders installed on my domain controllers, and I am successfully filtering specific events (props.conf and transform.conf are shown below). This is working as we want it to...
How do I go about filtering data with transform.conf?
I am using universal forwarders installed on my domain controllers, and I am successfully filtering specific events (props.conf and transform.conf are shown below). This is working as we want it to...
Why is our universal forwarder not visible in the Forwarder Management console?
I have completed the universal forwarder setup, and configured it as a deployment client of the Cloud Instance. But, I'm still not able to view the forwarder in the Forwarder Management console. I have...
How do I configure the outputs.conf file to forward data into two separate...
Hello Splunk user community, I have Linux VMs that are already reporting into a Splunk enterprise instance using a universal forwarder (UF). I recently set up a Splunk POC instance and would like to...
CEF Files on Syslog-NG with Universal Forwarder
We use Websense in the Cloud, and their method for retrieving log files is to use a Perl script which pulls down the logs in CEF format. I set up the script on a syslog server, it writes the CEF files...
Can you help me with a query to find a universal forwarder device that...
Hello, I'm currently trying to see which devices haven't checked in to Splunk in over +30 days. The query I've been using shows only 3 devices. But, when I verify that it has phoned home and sent data...
Can you help me with a query to find a universal forwarder device that hasn't...
Hello, I'm currently trying to see which devices haven't checked in to Splunk in over +30 days. The query I've been using shows only 3 devices. But, when I verify that it has phoned home and sent data...