Help with choice of forwarder
3 questions: Can I use syslog directly for everything, enabling it on each machine, without making use of a universal or heavy forwarder? What is the advantage of using it directly rather than installing UF...
Trouble forwarding splunkd.log output to syslog.
I must be missing something very simple here so bear with me. I am running a Splunk universal forwarder instance, and I would like to forward its internal logs (e.g. splunkd.log) to my own Syslog...
Splunk Universal Forwarder vs Deployment Server troubleshooting
I'm having some issues getting Universal Forwarders to talk to the Deployment Server, and I'm looking for some troubleshooting pointers. Here's the scenario, pretty basic setup. Splunk Enterprise 7.3...
Applying quarantine and removing quarantine
Hi All, This is a similar kind of issue to the one mentioned in the link below, but since it was unanswered, I am posting it again. https://answers.splunk.com/answers/211112/applying-quarantine-removing-quarantine.html We...
Linux deployment of Universal Forwarder issue around not getting prompted to...
Hi - I am trying to deploy the universal forwarder to Linux. We have Altiris to deploy both the script and the package and a service account on the machines we want to deploy to. So I don't need a...
Unable to install Splunk Universal Forwarder on Network drive
Hi Team, Currently, I am facing the following issue: - I would like to install Splunk UF package (6.5.3) on a Network drive on Windows System. Windows Server IP: 10.23.97.2 - I was able to copy the UF...
Does a file monitor input work even if the log being monitored is open for...
Hello all, As the title states, I'd like to know whether a file input continues to index a log even though that file is open for writing by the application that manages it. I'm busy evaluating whether...
Splunk forwarder - When will the log file be sent to the Splunk indexer?
Hi, I'm currently monitoring log files on a Unix server. A jobs application writes log files in a directory. I want to monitor only log files that have finished being written. How can I do that? I don't want...
Universal Forwarder Windows 2019 Server core: Domain account set up
Is Windows 2019 server core supported for the universal forwarder? I need to install the universal forwarder into another domain to get security logs from the domain controller. What domain account...
Deployment of Universal Forwarder to Apple Mac fleet
Our company operates a fleet of Apple Macs. We would like to automate the deployment and configuration of the Universal Forwarder agent to these Macs via our MDM platform, but there is very little...
Splunk UF Deployment - Possible Issues
Hello. We are planning on deploying UFs across our enterprise ~ 3000 systems. Currently, we have deployed UFs to 50 systems and have seen no issues. Before doing a large deployment to cover our entire...
Heavy Forwarder Configuration Query
Hi All, I have inherited Splunk Enterprise in my company which includes 3 Indexers, 2 Search Head and each Deployment & Licensing Master and Cluster Master. Now in order to receive events from more...
Splunk Forwarder support by Splunk
Hi - We are upgrading Splunk to 7.2.8 since 7.0 is out of support. The Universal Forwarders are not mentioned on the Splunk support page, which refers only to Splunk Enterprise. Does the UF need to be...
Execute a command through the CLI on a remote system
When I run `splunk cmd`, I can execute any external system command using Splunk's context. I want to combine that with the `-uri` parameter to be able to send remote commands to Universal Forwarders....
Syslog vs Forwarders
If I have an environment with an rsyslog collection server that is working just fine and collecting from thousands of endpoints, should I keep that or get rid of that and collect events using a UF on...
How to run basic PowerShell script on universal forwarder
I'm trying to do something very simple but for some reason I can not get it to work. I'm trying to run the basic PowerShell command below on a universal forwarder (on a Windows 10 workstation) but the...
How to remove the Windows message description
Found a great article on how to remove the Windows message description - https://www.hurricanelabs.com/splunk-tutorials/windows-event-log-filtering-design-in-splunk# - and followed the article to...
Is there a way to delay splunk universal forwarder from monitoring specific...
Hello, We have an issue monitoring os_metrics logs where the log entries are generated from a Windows command wmic and written to a file under this path...
How to monitor and alert when the Splunk universal forwarder service has been...
On my Universal Forwarders, I want to have the ability to monitor and alert off when the Splunk Universal forwarder service has been stopped or modified. Any options on how to do this? I am already...
Splunk UF Backlog
Hey everyone, quick UF question here... If a UF stops for whatever reason then comes back on later on, will the UF send the backlogs it missed while the service went offline?