Does Universal Forwarder support Server Name Indication (SNI)?
Hi there folks, I would like to ask if Universal Forwarder can support Server Name Indication (SNI)? That is an extension of the TLS protocol which can be used by nginx to deploy SNI-based-routing from UF's...
Issue filtering specific logs on UF
Hi, I have recently started building apps on Splunk. I am monitoring a log file on the UF, containing logs from various applications and trying to fetch specific alert logs from a containing...
How to do custom encryption and decryption on a Splunk universal forwarder?
I am trying to do custom encryption and decryption of data on the universal forwarders. I am trying to configure the Splunk UF to use own certificates and forward the encrypted data to the third-party...
Different target ports for different Log sources on Universal Log Forwarders
Does the Universal Log Forwarder support sending the syslog traffic using different target ports based on source IP/port of the incoming traffic? for input source IP 1 / port 1 => use output...
Help needed with UF settings distributed over deployment server
Hello, I would like to distribute one UF parameter to my clients, it is: limits.conf ... [inputproc] file_tracking_db_threshold_mb = 150 ... For that I created an app called SplunkUniversalForwarder in...
Python 3 modular input on a universal forwarder version 8
In light of the discontinuation of Python 2.7 we have upgraded both our universal forwarders (to version 8) and our system python (to version 3.7). Unfortunately, the new UF no longer seems to want...
Issue with AWS universal forwarder to SplunkCloud
Hello! There is a strange situation: I did as in the article https://medium.com/@robert.r.svensson/how-to-send-security-logs-from-aws-ec2-linux-hosts-to-splunk-cloud-495f8a180ce6 but I have an error in...
Universal forwarder setup wizard ended prematurely because of an error. Your...
When installing UF I am receiving an error on Windows servers. Could you please help me with this?
Error while installing Splunk forwarder on Windows system
I am installing the 7.0.13.1 UF Agent but I am receiving the above error... In Windows Server 2012 R2 64 bit Universal forwarder setup wizard ended prematurely because of an error. Your system has not been...
Sending audit log data to Splunk from PL/SQL
We have been tasked with obtaining audit log data from a vendor's cloud hosted application via a web service call. We have written Oracle PL/SQL to obtain the data and parse it. We now need a strategy...
Help configuring a domain controller on a universal forwarder to send data to...
Hello Guys, I am very new to Splunk and am trying to configure UF to send data to an indexer on port 9997. I have enabled the receiver in indexer instance. I have added [tcp://....DC IP Address:9997]...
Any suitable option for collecting data from HP, Dell switches using...
Hello Everyone! So, I have my Splunk Enterprise and universal forwarder installed on the same machine running Windows Server 2019. I wanted to know if there was a suitable way of collecting logs from...
Inputs.conf blacklist with a negative regex
Hello, I need to create a whitelist with the blacklist. I mean... I have three blacklists in the Windows security input: [WinEventLog://Security] disabled=0 index = wineventlog source =...
Is it possible to force a Universal Forwarder to use a specific IP address...
We have several Universal Forwarders installed on different Linux machines. Due to the virtualization technology, each of the Linux servers has several IP addresses. By default the Universal Forwarder...
Monitor multiple unrelated directories
Using the universal forwarder I need to monitor multiple directories in separate parts of the filesystem. Specifically (obfuscated so as not to identify our customer): [monitor:///var/log]...
How to monitor multiple unrelated directories
Using the universal forwarder I need to monitor multiple directories in separate parts of the filesystem. Specifically (obfuscated so as not to identify our customer): [monitor:///var/log]...
Missing events from Splunk Universal Forwarder
I have one missing event out of 168 events from our Universal Forwarder. I've already checked the internal logs and the file has been indexed "Batch input finished reading file=", but I cannot find...
Setting up "Windows Host Information" gathering with universal forwarder?
Good morning, I wanted to ask if I could get some assistance/clarification on setting up the Windows Host Information gathering function in Splunk not just for local hosts but remote hosts also, via the...
Universal Forwarder: Upgrade and switch to low privilege mode
Hey All, We are planning on moving all of our UFs to the low priv mode install but I had a question. Our current UFs are on 7.2.4 and we are looking to upgrade very soon. We are also planning on...
How to configure universal forwarder to ignore a directory
Hello, I currently have a Splunk universal forwarder on a few of my Windows servers. The UF config is received by my Splunk deployment server. I have .exe processes that are currently utilizing much of...