WMI Input field data truncation
So I would like to implement a WMI based input via WMI.conf among a subset of Splunk Universal Forwarders. In this case I'd like to log PnpSignedDrivers. Here is the input I have defined in WMI.conf...
View ArticleWhy is WMI Input field data being truncated?
So I would like to implement a WMI based input via WMI.conf among a subset of Splunk Universal Forwarders. In this case, I'd like to log PnpSignedDrivers. Here is the input I have defined in WMI.conf...
View ArticleHow to forward logs from universal forwarders to heavy forwarders for...
Hi Guies, We have multiple universal forwarders and 3 heavy weight forwarders. Currently all UFs are forwarding logs directly to indexers. What I want is to configure universal forwarder to send...
View ArticlePulling logs from devices in my network, how can I create a table showing if...
I am pulling logs from the devices in my network and I would like to know if it is possible for Splunk to show on a dashboard, whether or not a user is logged into it. Perhaps this can be displayed in...
View ArticleI have a dashboard showing a list of triggered alerts, but how can I include...
Hi at all, I showed the triggered alerts on a dashboard using a search on the `_internal` index and `source="/opt/splunk/var/log/splunk/scheduler.log"`, after I connected results to a REST extraction...
View ArticleWindows Security Operations Center: After installation, I see four systems...
I'm new to Splunk. I just installed the WSOC app and I see four systems identified on the "About" tab, but I don't see any info in the login events tab nor any of the others? What am I missing? I am...
View ArticleUniversal Forwarder on Windows issue
Greetings all! I haven't worked with Splunk in about a year so I'm a little rusty. Anyhow, I have Linux systems logging to Splunk no issue. However, I seem to be running into problem with Windows logs....
View ArticleCan someone help with installing the Palo Alto app on a forwarder? Having...
I installed the Palo ALto app on the splunk enterprise server and was able to pull data into the app. But i was reading that it wasn't a recommended setup. so i pushed the app out to the universal...
View ArticleUniversal Forwarder on Thousands of Workstations or on a Few Dedicated...
Hello. We have a project that needs to forward Windows events or text files from approximately 6000 Windows workstations. Would it be advisable to install Universal Forwarder (UF) on each of the 6000...
View ArticleI see the wineventlog index growing after universal forwarder installation on...
Greetings all! I haven't worked with Splunk in about a year so I'm a little rusty. Anyhow, I have Linux systems logging to Splunk no issue. However, I seem to be running into problem with Windows logs....
View ArticleHow to install the Palo Alto Networks App for Splunk on a universal forwarder?
I installed the Palo Alto Networks App for Splunk on the Splunk Enterprise server and was able to pull data into the app, but I was reading that it wasn't a recommended setup. So, I pushed the app out...
View ArticleHow to filter events on a heavy forwarder sent from universal forwarders?
Hi Team, We want to drop events which contain the keyword "error" Below is our setup: universal forwarder ------>Heavy weight forwarder -------->indexer/cloud We have multiple universal...
View ArticleIs it recommended to install a universal forwarder on thousands of...
Hello. We have a project that needs to forward Windows events or text files from approximately 6000 Windows workstations. Would it be advisable to install Universal Forwarder (UF) on each of the 6000...
View ArticleHow to configure 2 Universal Forwarder instances (Splunk 6.1.3 and 6.3.0) on...
Hi All, I am planning to configure two Splunk Universal Forwarder instances on one of our AIX machines. Version of Splunk 6.1.3 & 6.3.0. What are the places that I need to make changes in order to...
View ArticleWill the Splunk App for Unix and Linux on a Windows server report on Linux...
Will the Windows version of the "Splunk App for Unix and Linux" report on Linux metrics? My Splunk Servers are Windows-based, but I need to report on the metrics from a Linux (Redhat/CentOS) system. I...
View ArticleHow to implement tagging on a universal forwarder to categorize data so we...
I'm totally lost trying to decipher the impossibly dense abstract documentation here. I need to do something that I'd hope is simple, with a full example really needed. I am getting nowhere fast trying...
View ArticleDoes anyone have examples of using RegEx to convert a Syslog event to a...
I would like to convert a syslog event (no delimiters) to a delimited input at the UF. This would allow for faster searching because I wouldn't have to regex every event at query time. Can someone...
View ArticleWindows DNS Drop line via nullQueue not working
I'm trying to drop DNS requests for internal names from our windows DNS logs. For a guide I am using an answer from this question:...
View ArticleWhy are Blue Coat logs not being forwarded to indexers from FTP servers with...
I have FTP servers where all the proxies are sending logs. I installed the Universal Forwarder on this server (Windows server) and then deployed a stanza for inputs.conf and outputs.conf files. I can't...
View ArticleHow to edit props.conf to collect gz.done files from Blue Coat's proxy FTP...
How to edit props.conf to start collecting gz.done files from Blue Coat's proxy FTP server? Reporter change .gz files to gz.done files. What should I do to start pushing these files via universal...
View Article