How to redirect logs from a Universal Forwarder to a specific created index,...
Hi, I'm trying to redirect all logs from a folder in a forwarder to "just" a specific index that we created on the indexer. This is our own created index and we want to index the logs from that folder...
How to index all users' OS search history, web search history, and web...
I am interested in indexing all users' OS search history, web search history, and web browsing history from any browser using a universal forwarder on a given host. I also want to collect these logs...
How to deploy the Splunk App for Stream to multiple universal forwarders with...
Dear experts, My customer has 100 universal forwarders and each of the UFs is running the Splunk App for Stream. The problem is that each UF needs to have different settings for monitoring network...
How to configure universal forwarders on roaming laptops to maintain Windows...
I've installed a few Universal Forwarders on Windows laptops that are not consistently connected to the network. One machine did seem to cache events and forward them when reconnected, but another did...
After installing a universal forwarder on Active Directory, how do I...
Hi, I tried to install the Universal Forwarder on Active Directory, but I did not get a window during installation phase to enter the username and password of the account to install with and which logs...
How can I further troubleshoot why I am unable to send data from a forwarder...
I have installed a universal forwarder on one laptop and Splunk Enterprise on another laptop in my home. Both are connected via Ethernet LAN. I am able to share files and folders between those laptops,...
Unable to filter WinEventLog inputs with RenderXml and XML character entities...
Filter attempts (whitelist or blacklist) on Message key value data appear to behave differently when renderXml = True compared to when renderXml = False. Taking the following Event Message data for...
How do I select different sourcetypes for multiple logs coming from multiple...
How do I select different sourcetypes for multiple logs coming from multiple servers (no universal forwarders, using rsyslog.conf)? When I set up the input port, it only offers one type of sourcetype...
How can I collect events from several groups of Windows servers with separate...
My goal is to create a multi-tenant environment for monitoring several groups of Windows Servers. In other words, I’d like to index every group with a separate dedicated index. The Splunk Universal...
Why doesn't my Hurricane Labs Add on for Vulnerability Management show any...
The app says it would not need any configuration, however, upon loading the app, it returns no results in any of the multiple fields. I am pulling vulnerability information from a Nessus scanner via...
Why does my Splunk universal forwarder monitor stop processing files the next...
Hi, I have a Splunk Universal Forwarder running on Windows 2012, monitoring a bunch of files in different folders. The files are monitored fine, until the next day, when they stop. No idea why. The...
How do I get hosts (universal forwarders) show on the Splunk Light home page?
I have Splunk Light installed and set up on my server. I have the receiving port set. On the client I want Splunk Light to monitor, I have installed the Universal Forwarder and pointed it to the Splunk...
Can a universal forwarder work without connectivity to a deployment server?
We have universal forwarders planned for the DMZ. Firewall admins want to limit connectivity to as few ports as possible. I know the UF needs to connect to the indexer (TCP-9997), but can it live...
How to configure wineventlog on a universal forwarder to include milliseconds...
I'm using a Splunk 6.3.1 Universal Forwarder for Windows to forward a custom event viewer log to a Splunk indexer. Works fine except the timestamps do not have millisecond precision. I used a tcp...
Universal Forwarder Upgrade Problem using SCCM: "Failed to get version for...
Hello everybody, I'm trying to upgrade our Splunk Universal Forwarders using SCCM. I'm using the following command: msiexec.exe /i splunkforwarder-6.3.2.0-x64-release.msi...
Need to hard code host reported by Universal Forwarder
Hello, We are currently in the process of moving some of our hosts from Solaris to Windows. These hosts are part of Veritas clusters. Currently, the Solaris hosts report the Veritas cluster name via...
How to uninstall/reinstall Universal Forwarder
I have uninstalled the collector (ver. splunkforwarder-6.3.0-aa7d4b1ccb80-x64-release.msi) on Server 2012 R2, when I try to reinstall it I get the message "Product: UniversalForwarder -- This version...
Connection problems with Universal Forwarder for Linux ARM and Splunk Cloud...
Hi everyone, I am currently trying to run the Universal Forwarder for Linux ARM on a Raspberry Pi 2 Model B with Arch Linux installed. I want to forward the data to Splunk Cloud, however, I'm having...
Why does the Splunk universal forwarder service stop after installation on...
After I installed the Splunk universal forwarder on Windows Server 2008 R2 x64, I can't start the service. This is what I got in Event Viewer. This is what I found in /va/logs ERROR...
Does the Splunk Add-on for Microsoft Windows have a way to poll the IP...
I would like to get the IP address of my Windows universal forwarders. [WinHostMon://NetworkAdapter] doesn't give an IP, just MAC address. [WinNetMon://inbound] and [WinNetMon://outbound] give an IP...