(beginner) how to use splunk universal forwarder?
Hello. I want to import some data (not Kubernetes logs, metrics) to Splunk (Enterprise). I've heard I should use Splunk universal forwarder. (My data is like commit info of Git (who commit, when, how...
Dealing with a UF client that is sending too much data
I have a number of windows clients using the Universal forwarder to send a small log file to Splunk. Typically around 15kb per day per client. However, when testing this I found a client that is...
Is the universal forwarder 8.0 supported on Windows 2012 R2?
The [Forwarder Manual 8.0][1]'s mention of system requirements links to the [Splunk Enterprise Installation Manual 8.0][2], which only lists 2016 and 2019. But I'm unclear if that just means that...
Will an updated datetime.xml temporarily solve the Y2K timestamp issue?
I have recently migrated to Splunk cloud and completed the necessary version upgrades to ensure we are compatible with the timestamp issue patching. However, I still have an on-prem instance of Splunk...
Universal forwarder error from splunk-wmi.exe
I have been troubleshooting this problem for a little while now and no luck. Anyone have any guidance on what is causing the following error? It is being executed by the splunk-wmi.exe script. WMI -...
What is the max file size that a universal forwarder can input via a batch...
Splunk universal forwarder inputs.conf batch stanza is attempting to read CSV files that range in size from 10MB to 2GB. On the forwarder the splunkd.log shows "Stale file handle" and "CRC...
how does Universal Forwarder work?
Hi, all I wonder about Universal Forwarder. I have to switch master uri of deploymentclient.conf and outputs.conf because I created new cluster master(new is production environment) If the switch does...
Universal Forwarder props.conf and transforms.conf settings
I am trying to get the output from a python script to indexer. So I added transforms.conf and props.conf under C:\Program Files\SplunkUniversalForwarder\etc\system\local transforms.conf...
how to configure splunk forwarder to monitor a file whose name changes on...
Hi All, I am trying to monitor a logfile which is generated in a path every day at 23:55 from a python script. My problem here is the file name of the log file changes everyday as the script is...
How do I copy forwarder inputs from one indexer to another indexer?
I'm working on load balancing the universal forwarder and want to make sure the additional indexer that will now receive inputs from forwarders is configured to accept.
Splunk datetime issue - does this affect Universal Forwarders forwarding to...
We use Splunk Cloud and have 3 Heavy Forwarders (which I updated yesterday with the new datetime.xml). We also have about 10 universal forwarders (most of them on Windows). Do I need to apply the...
How to keep powershell process alive
Hello, I've created a Powershell script that I use to monitor a folder. It all works how it's supposed to work, but the problem is when I deploy it as a Splunk App, it starts the Script but doesn't...
Best Practices for SNMP traps from Universal Forwarder
I am trying to send SNMP traps from Cisco wireless controllers to our universal forwarder which has net-snmp installed. While I have it working and data is getting to the indexer, I have a few problems...
Install Universal forwarder from Splunk Deployment Server?
Hi, Want to monitor many devices on my local site and on remote, can I deploy installation of universal forwarder agent on these devices from the splunk deployment server?
*Nix add-on with official universal forwarder docker: cannot run cpu.sh nor...
We're able to partially get the official Splunk universal forwarder docker container to run the official *Nix add-on so an endpoint can collect & send its basic host metrics, but some of the...
Getting List of the Universal forwarders
Hi There, I wanted to get a list of forwarders from the metric logs. The base logs have confused me a lot. Below is the sample. For the same hostname...
Assigning sourcetype by host - UF
Hi All, I have a UF which gets logs of syslog via UDP:514. I am trying to set sourcetypes by hosts' IPs but I can't figure this out. For example, for [host::192.168.0.1] I want to set source type of...
Stop UF service to delete and reinstall app via Deployment Server
I have an issue deploying the Splunk Stream App. The Stream apps are already installed on UF's but I get an error when reloading deploy server and the config can't overwrite as there is a file (NPF)...
Not able to read CSV from Universal forwarder
I am trying to read csv from one of my universal forwarder, below is my inputs file [monitor://D:\DUMP\Updated_Dump*.CSV] sourcetype=csv disabled=false index=xyz crcSalt= After checking splunkd log...
How to do own encryption and decryption on splunk universal forwarder.
I am trying to do custom encryption and decryption of data on the universal forwarders. I am trying to configure the Splunk UF to use own certificates and forward the encrypted data to the third-party...