Recently Splunk didn't index one specific log file in many other same log...
Hi Splunk Experts, I have configured a monitoring path in my Splunk Enterprise environment with the help of Splunk Universal Forwarder. For the last 2 days I have been facing an issue that particularly a one...
Universal Forwarder on FreeBSD ARM (Netgate3100 - pfSense)
Hi All, I would like to install an UF on an appliance pfSense (netgate3100). It's a FreeBSD running on ARM. In the UF download section, I could only find UF for FreeBSD x86. Is there a version for ARM...
limits.conf on universal forwarder OR indexer servers?
We have a universal forwarder that monitors json files with number of keys>500. We need to parse this during index time, since we don't want to affect search performance during search time. By...
Should you add the configurations in limits.conf on universal forwarder OR...
We have a universal forwarder that monitors json files with number of keys>500. We need to parse this during index time, since we don't want to affect search performance during search time. By...
Can the universal/heavy forwarder monitor a folder that is receiving a...
Hi, we have our use case here that either we'll be monitoring approximately 6 thousand files that are updating at random intervals or monitoring a folder that will receive 6 thousand files per 15...
How to establish secure connection between Universal Forwarders and Heavy...
Hi, Good day! We have distributed Splunk Enterprise setup, we are trying to establish secure SSL communication between UF-> HF-> Indexer. We do have certificates configured for Search heads,...
/local/inputs.conf Not Being Read
Hello all! I'm experiencing an issue in my initial roll-out of my Splunk Universal Forwarder. While I had no issues in my test environment, I am now seeing an issue regarding /local/inputs.conf. When I...
How to use the current Deployment Server to configure remote UFs with a new...
Hi, I have not found the post if it already exists... But I have to reconfigure a lot of UF(s) to check-in with a new DS. Unfortunately the original DS was not configured with a FQDN. Is there a method...
rsyslog server with UF not sending events to Splunk
Hi. At Splunk's recommendation, I have a centralized syslog server (using rsyslog) that writes to /logs/hostname/year/month/day/file.log This works fine. However, I cannot get the Universal Forwarder...
UF silent installation with own certificates and password
Hello We try to install the latest UF silently on our Windows machines using the following command msiexec /i splunkforwarder-7.1.2-a0c72a66db66-x64-release.msi DEPLOYMENT_SERVER=":8089" LAUNCHSPLUNK=0...
How do you do a silent installation of a universal forwarder with own...
Hello, We tried to install the latest universal forwarder silently on our Windows machines using the following command msiexec /i splunkforwarder-7.1.2-a0c72a66db66-x64-release.msi...
Splunk forwarder to Splunk Cloud trial version
Hi All, I am trying to send data to Splunk Cloud trial version with the help of Universal Forwarder. I followed this doc....
Why does Splunk universal forwarder have high CPU usage on system?
I added an app recently to pull in PowerShell Transcription logs that are output to C:\Logs\YYYYMMDD\YYYYMMDDHHSS.randomstring.log So I created the following app: > [monitor://C:\Logs\\*\\*.txt]>...
Splunk build (SPLUNK_BUILD) for 7.1.2. I
I'd need to run a custom docker build and it required the build hash to grab the release. Thanks.
Will Outputs.conf reflect the timestamp parameters?
Hello Splunkers, I have outputs.conf in my Universal Forwarder at \etc\system\local\ , I am monitoring some log files gave the monitor path in inputs.conf. Now just like we mention in props.conf about...
Does props.conf have any effect in a customized app at the Forwarder?
Hey Splunkers! I have a doubt: when we create any customized app in Splunk, for any purpose, let's say for log monitoring. So the default props.conf will be effective or if I update something in my...
When universal forwarder using wildcard monitor statements over deep file...
Hi I read a post saying "**Using wildcard monitor statements over deep file systems has a significant performance impact, so if this can be avoided it would be of benefit**." I'd like to better...
JSON is truncated as soon as a timestamp is found
I'm trying to read a JSON file generated by a ps1 script on Windows, but the UF keeps truncating the JSON as soon as it finds a valid timestamp. Removing the timestamp 'fixes' the problem, but I need the...
Latest App installed on UF
Hi, Greetings! Please help me with below queries 1. When was the latest app installed on a UF with time and app name 2. When was the last time a UF was restarted Thanks in Advance!
Help with downloading App in zip format
Hello, I would like to deploy the Metricator App. For that I need also the TA-metricator-for-nmon (technical Add-On) on my source where the universal forwarder is running. How would I get the...