Universal forwarder executes regmon, powershells and others without them...
Hi, why is my UF on Windows executing various splunk-* tools without them being configured in any input? Every few minutes I see them in sysmon: splunk-powershell.exe splunk-regmon.exe...
How to configure UF on Linux to send a log file to Splunk HF?
Hi, I installed and configured UF on a Linux server to send syslog to Splunk HF. I am now trying to send an application log also on the same server, say it's in /opt/application/applog.log, to the HF....
Why is the Universal forwarder executing regmon, powershells and others with...
Hi, why is my UF on Windows executing various splunk-* tools without them being configured in any input? Every few minutes I see them in sysmon: splunk-powershell.exe splunk-regmon.exe...
How to configure universal forwarder on Linux to send a log file to Splunk...
Hi, I installed and configured UF on a Linux server to send syslog to Splunk HF. I am now trying to send an application log also on the same server, say it's in /opt/application/applog.log, to the HF....
start request repeated too quickly for splunk.service
● splunk.service - Systemd service file for Splunk, generated by 'splunk enable boot-start' Loaded: loaded (/etc/systemd/system/splunk.service; enabled; vendor preset: disabled) Active: failed (Result:...
Blacklist WinEventLog::/Security with user names ending in $
I'm trying to get a blacklisted log entry that works on Universal Forwarders to filter out specific event codes with user fields that end in $ in their value. What I have now, works on my test...
Request for splunk upgrade shell script for Linux/Unix
Hi Team, Currently I am working on a UF Auto installation script where the script has to automatically upgrade the UF package on all Linux boxes (that have v6.5.3) running to v7.3.4 using this script....
Limiting RAM CPU and Disk utilization on Universal Forwarder
Hello Splunkers, I want to know if we can limit the RAM, CPU and Disk utilization of a server where I have installed the Universal Forwarder. Currently, based on my research I understand that the...
How to filter windows event logs in forwarder based on event codes.
Hi, I am trying to pull event logs from remote machines using universal forwarders. I have done the configuration in the inputs.conf files. below is the configuration in my inputs.conf file....
Splunk Forwarder enable boot start not working on Windows XP
Hi, I have Universal Forwarder on my Windows XP machine. I enabled the boot-start upon installation but upon rebooting the machine, splunk forwarder is not running and it needs to start manually. Does...
Splunk Universal Forwarder 7.2.x compatible with Linux kernel 4.x / RHEL 8?
Are the Splunk UF 7.2.x releases compatible with being run on Linux kernel versions 4.x, specifically RHEL 8?
One UF isn't connecting to the indexer
One of my forwarders is not connecting with the indexers. Another system that is identical is connecting just fine. I keep getting errors about the message being rejected because it's too big, but I...
Splunk forwarder preventing Docker rebuild
I am wondering if anyone has come across this issue before: System and application versions: • Docker version 18.09.4 • Splunk version 7.2.6 (?) • Windows Server 2019 1809 Build A summary of what...
How does a Splunk universal forwarder talk to an indexer?
Total newb here, so please be gentle. So we are on the Windows platform and have Splunk Universal Forwarder 8.0.2 installed on many Windows 10 workstations as well on a bunch of Windows Server 2012 R2...
Should I upgrade my universal forwarders after I upgrade my HF?
Hi team! Should I upgrade my universal forwarders after I upgrade my HF? Data > UF > HF > Indexer Right now all is in 6.5.2 version. Indexer and HF will be in 7.3.4 soon. Thanks! Salut
JSON file event breaking parsing on universal forwarder
I have a JSON file. Once I upload the file on the search head using the below stanza in props.conf it's indexed properly. Splunk 7.3.4 [json_test] CHARSET = UTF-8 DATETIME_CONFIG = CURRENT...
Universal Forwarder vs Heavy Forwarder
Hi All, Is there any recent test,conf discussion or doc around mentioned below splunk blog 2016: https://www.splunk.com/en_us/blog/tips-and-tricks/universal-or-heavy-that-is-the-question.html Is it...
Reading large Files using Splunk UF
Hi, I am currently trying to read logs file of size 10Gb. I have changed thruput to 0 but still takes about 30 min-1 hr for Splunk to finish reading the file. Is there a way to increase the reading...
Reset password of splunk service account (Used in installing UFs)
Hi everyone, I have an issue in splunk UF installation in windows regarding the user, previously I did all the UF installation by splunk service account (domain account) for all windows servers and now...
Splunk Universal Forwarder Upgrade
Hi, I am looking for some information on Splunk Universal forwarder upgrade. We have 3000+ forwarders that need a mass upgrade. What are the things I need to consider for upgrading like backups...