How do you discard events from the cron.log?
On my universal forwarder, I have a repeated entry in my cron.log file that I would like to discard. However, I am not very familiar with regex terms. The entry in the cron.log is: hostname...
Forwarding logs to third party system
Hello All, I want to check whether the Splunk forwarder agent (UF) can be used to forward collected raw data to another analytics tool other than Splunk, I mean third party analytics tools. I have...
I ran |delete on data. Why won't the forwarder resend?
I ran |delete on some data (oops!). How do I get the universal forwarder to send the data to the indexers again?
Splunkd tainted with universal forwarder 7.1.2 on Linux kernel 4.9
My Splunk Universal forwarder crashes with the following logs as soon as it is started. I don't see the same crash on a different kernel. Splunk universal forwarder version: 7.1.2-a0c72a66db66.i386. splunkd.log has,...
How to filter IIS logs on Universal Forwarder
Dear all, I'd like to filter IIS logs and forward only .aspx requests to Splunk. I tried something like this: [monitor://C:\inetpub\logs\LogFiles\*\*.log] _TCP_ROUTING = default-autolb-group disabled =...
Can you help me upgrade my Universal Forwarder (UF) from 4.x to 6.0.7?
I am new to Splunk and our UF has version 4.x. Since it's out of support, and we have Splunk version 6.0.7, I want to upgrade my UF from 4.x to 6.0.7. Can someone help me with the steps to do and from...
What kind of situation should I configure "SHOULD_LINEMERGE" on the UF side?
My environment: UF ver 7.2.3 on Windows; Indexer ver 7.2.3 on Linux. My UF is monitoring a log that has a second header line in the middle of the log like below. * I don't know why, but this is the specification of...
Can you help me filter events that are coming from several universal forwarders?
Hi all, I am trying to filter events that are coming from several Splunk universal forwarders. I have set a Splunk server that gets all the logs from the universal forwarders, filters them, and then...
Can you help me with the following error on my universal forwarder:...
I am receiving the following errors from my universal forwarder: "Monotonic time source didn't increase; is it stuck?" How do I resolve this?
How do I forward logs from a network/shared location on a Windows machine to...
I have installed a universal forwarder on the Windows machine, but the actual logs are getting generated at a shared location. How do I get these logs forwarded to Splunk? Logs generated locally to the...
How do you forward active directory events to different Splunk Clusters?
Hello, I have two companies that use the same Active Directory but each one has a different Splunk platform (both in cluster mode). Now, I have installed a universal forwarder (UF) on each domain...
Can you answer some questions about maxKBps involving replacing a heavy...
I replaced a very old heavy forwarder today with a universal forwarder that some of our network gear was pointing syslogs to. The flip went smoothly, but we quickly noticed that the number of logs we...
After log rotation, UF does not forward logs.
My environment: Splunk Ver 7.2.3, UF Ver 7.2.3. UF monitors `var/log/messages` and forwards it to Splunk. But after log rotation at `02-05-2019 00:05:00`, UF no longer forwards it. In the internal log, there...
TCP Input to Splunk Input from SAAS App
I have a Java application running in an AWS instance. I want to use the following log4j2 appender to push logs directly into the TCP input in Splunk Cloud; however, it seems I have to create a...
Universal forwarder issue in AWS
Hi, I have created 2 instances of Windows in AWS and am using one of the instances with the universal forwarder to forward the logs to another Windows instance of Splunk Enterprise as my indexer. But the...
Getting UF's to send missing data
We had a weird incident happen and we stopped receiving log files for a very specific time window. Is there a way to kick the UF clients to resend data to the indexers?
How can I configure the universal forwarder in Docker?
Hi guys, how can I configure the universal forwarder in Docker? I created the image and container, but in the container I can't find the conf files that I need for configuring the universal forwarder. I...
How do you get a universal forwarder to send missing data?
We had a weird incident happen and we stopped receiving log files for a very specific time window. Is there a way to kick the UF clients to resend data to the indexers?
How do you pull out the latest entry "only" for the last numbers entered?
I have one file that is pulled in by a universal forwarder setup. This file is constantly changing on the system on which the file resides, and the old data is never removed. I don't want the...
How can I configure the universal forwarder in Docker?
Hi guys, How can I configure the universal forwarder in Docker? I create the image and container, but in the container, I can't find the .conf files that I need for configuring the universal forwarder....