perfmon RAM usage
Hello. I'm trying to monitor a device's hard disk.. cpu.. etc. from universal forwarder. couldn't find the ram usage!? https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/MonitorWindowsperformance
View ArticleI've setup a forwarder on Windows. My receiver is enabled and running tcpdump...
one of my team has installed the forwarder on a Windows client. running tcpdump on the backend of splunk enterprise shows: 08:32:06.990056 IP xxx.56097 > splunk.xxx.9997: Flags [P.], seq 777:895,...
View ArticleSplunk Universal forwarder upgrade to 8.0.2
Hi , I tried to upgrade splunk universal forwarder from 7.0.2 to 8.0.2 and everything looks good , No error in splunkd logs Data is ingesting normally and all internal logs are also coming fine. But...
View ArticleCan a Raspberry Pi that acts a universal forwarder be controlled from a...
Hello I have a RPi 4 at home running Raspbian and I have the universal forwarder installed on it and logging data to be sent to the Splunk server on my VM. My question is would it be possible to...
View ArticleIssues Starting Splunk Universal Forwarder: /opt/splunkforwarder/bin/splunkd:...
I'm trying to install a forwarder on a NAS box but everytime I try to start it I get the error: `/opt/splunkforwarder/bin/splunkd: error while loading shared libraries: libpcre2-8.so` I've extracted it...
View Articleerror while executing cron on python script in UF
How to fix this error on UF , getting error while forwarding data from UF to HF. 03-30-2020 07:01:00.193 -0400 INFO ExecProcessor - setting reschedule_ms=59807, for command=python "D:\Program...
View ArticleRoute and filter universal forwarder for two apps
Hope everyone is keeping safe. I'm following this document https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Routeandfilterdatad (Discard specific events and keep the rest) The first app...
View ArticleIssue with Indexing and Sourcetype
Hello, I am using Splunk 7.2 and recently noticed a problem that I'm trying to figure out. I am using Splunk universal forwarder to collect firewall logs from a local windows machine. Logs are...
View ArticleSplunk Universal Forwarder not sending data to Indexer
I am reading different logs from same source folder. But not all files are getting read, one stanza works other don't. If i restart the UF, all stanzas work, but changed data is not capturing by one...
View ArticleSilent Install options
Hello, I'm trying to prepare a silent install of Splunk Universal Forwader, but i'm having difficulty finding the option that unchecks the 'Use this UniversalForwarder with on-premises splunk...
View Articlesteps to move universal forwarder from oracle database server to other...
I am new to splunk, can i get advice on moving splunk universal forwarder from one db host to another. I am looking for options where i don't have to configure whole lot on the target. I tried SPLUNK...
View ArticleUniversal Forwarder - Repeating message TcpOutputProc - Found currently...
I am getting the following messages on my forwarder running on Windows 10: 04-06-2020 18:05:52.171 -0700 INFO TcpOutputProc - Found currently active indexer. Connected to idx=192.168.218.6:9997,...
View ArticleWhy is the Splunk universal forwarder dropping from deployment server?
Splunk UF's are having different versions 6.0.0, 6.3 and 6.5.2 are connecting to Deployment server with 7.2.6 server. All of sudden some of the clients are dropping from Deployment server.
View ArticleAWS logs push to on-premise splunk with universal forwarder
Hi Everyone, I am new to splunk configuration. So looking for guidance and step by step configuration. I need to configure primarily aws CloudWatch log groups (ec2 instances /var/log/messages and...
View Articleuniversal forwarder manipulate host and source via inputs.conf
I have a dedicated server which is running syslog-ng and a universal forwarder. i want to set 3 things one of them dynamically: # /opt/splunkforwarder/etc/system/local/inputs.conf...
View Articlesplunk universal forwarder not monitoring all files in a folder
Same version of splunk forwarder (8.0.2) on 2 linux servers are behaving differently. One lists all files under a folder to monitor. However other one shows only few of them. What's the issue.
View ArticleSplunk Install in Forwarder Mode and Props
Hi, I want to preface I understand that props isn't fully processed if you install it on the universal forwarder. My question is about the difference between the install of a Splunk Universal Forwarder...
View ArticleFilter the data of a logfile at Universal Forwarder?
Hi Splunker, I am using splunkforwarder 6.5 on windows 2k8 servers. I am monitoring a log file, from splunk. I have modified inputs.conf at Universal Forwarder. The size of the file that i am...
View ArticleNo data from indexes in cloud search head
Hi everyone, I could really use some input from you all. I am using Splunk cloud in my environment, with a deployment server on-prem for universal forwarders. Two days ago, I stopped receiving data in...
View ArticleUsing a splunk add-on for infrastucture for a working universal forwarder and...
Hello, I'm new with Splunk and still exploring how to use it. I was able to successfully create a Splunk Enterprise and Splunk Universal on two separate linux virtual machines. Now, my goal is to...
View Article