Is Splunk Universal Forwarder able to run PowerShell inputs
In Inputs.conf it says that we can run PowerShell scripts using the below stanza. Does the UF have the capability to run this input alone? [powershell://] Is the UF required to have PowerShell to be...
Can I run the btool command on a universal forwarder without running shell or...
I would like to run a scheduled Splunk btool command using scripted input to index configs every few hours. I cannot put this command in .sh or any script file and give it as input to scripted input in...
Is Splunk Universal Forwarder able to run Powershell inputs?
In Inputs.conf, it says that we can run powershell scripts using the below stanza. Does the universal forwarder have the capability to run this input alone? [powershell://] Is a UF required to have a...
Can you delay Universal Forwarder ingesting files?
I have a minor issue whereby my Linux UF (an NFS server) is generating TailReader warnings in splunkd.log due to insufficient file permissions. It seems that the file permissions across the NFS mount...
Splunk App for Infrastructure
Hi, We have a Splunk environment with universal forwarders already installed on our Windows servers. We want to try the Splunk App for infrastructure. Can we use the existing Universal Forwarders to...
Can you delay a Universal Forwarder from ingesting files?
I have a minor issue whereby my Linux UF (an NFS server) is generating TailReader warnings in splunkd.log due to insufficient file permissions. It seems that the file permissions across the NFS mount...
How can Splunk provide forwarding/receiving security??
When enabling the receiving function in a Splunk Enterprise instance (indexer for example), it will be listening on port 9997 by default (changeable) and any forwarder with the information (indexer...
Where do I exclude data from input?
Hi, I'm sorry in advance for the really basic question but Splunk is all new to me and I couldn't find exactly what I want in the documentation. I have a server class (_server_app_PIA_App_Servers) that...
In the Splunk App for Infrastructure, can you use existing universal...
Hi, We have a Splunk environment with universal forwarders already installed on our Windows servers. We want to try the Splunk App for infrastructure. Can we use the existing Universal Forwarders to...
SplunkCloud gateway forwarder architecture and hardware requirements
Hey Folks, We have a fairly secure environment with no servers able to access the internet or route traffic to SplunkCloud. A large majority of the data we will be indexing is OS (*.nix, Windows etc.)...
Splunk Forwarder Field Extractions from Source
Hello, I think I know the answer but just want to confirm it. I have a Universal Forwarder and want to extract a field from source and send it to the indexer. It's a regular log (not a CSV, PSV etc...)...
Communication and distribution of information from UF to Indexer (cluster)
Good morning. We have the following concern: we currently have several UFs sending information to the indexers, but we see that some servers have outdated information in the outputs.conf for example...
How do I run a shell script in a universal forwarder?
I have a problem here. My shell script is not giving the complete output in the Splunk search head. What is the command to check and run the script in the UF?
Can you help me with communication and distribution of information from the...
Good Morning, We have the following concern. We currently have several universal forwarders sending information to the indexers, but we see that some servers have outdated information in the...
How to improve universal forwarder performance
Hi all, we forward about 300GB per day from a single forwarder instance to an indexer cluster. The forwarder is on a strong machine (24 cores, 130GB RAM, SSD) and we already configured limits.conf and...
"Received event for unconfigured/disabled/deleted
Hi All, "Received event for unconfigured/disabled/deleted " Facing the above message from a number of hosts with different index names. As logs are coming from an unknown UF to the indexer, how to stop these...
Splunk Enterprise 7.0 - Universal Forwarder Question
Hello, I keep hearing flip-flop answers from people saying that if I upgrade Splunk Enterprise 7.0, then I won't be able to receive logs from Windows 2003 servers with a Splunk UF on it. Is this true...
Monitoring Input Returned only one file
So I am monitoring a folder for all of the files in the folder on a Splunk universal forwarder. In the SplunkUniversalforwarder/etc/system/local the config is: [monitor://\*.csv] disabled = 0 index =...
Remote collecting wineventlog from multiple servers
Hi everyone. I am new to Splunk. I want to remotely collect data from 20 Windows servers + 80 Windows workstations without WEF (not WMI, only eventlog journals) 1. I installed UF on Windows with domain user...
Installing Splunk Universal Forwarder on Oracle Linux is having issue
Hi All, I have set up Oracle Linux on my VM to collect logs using Universal forwarder. The UF is not able to start the service, with error " bash: ./splunk cannot execute binary file". I did try using all the...