How do I find out the settings for a universal for...

teagerton · ‎06-04-2012

I've been given ownership of Splunk at my job. I've gone through most of the manuals, but I haven't seen anything that answers this question. The universal forwarder is on a Windows 2003 server and splunk is on it's own Red Hat server. Currently Splunk is working for all jobs that have been created, but I can't get the forwarder on windows to work.

jeff · ‎06-04-2012

More detail would be helpful to the community to give you better direction. Generically, you can figure out your applied settings by running the command:

splunk cmd btool [conf file] list --debug

... so to figure that you have the forwarder correctly configured to send data to your indexer, you would run

splunk cmd btool outputs list --debug

You can also dig through the logs at

$SPLUNK_HOME/var/log/splunk

mikelanghorst · ‎06-07-2012

pointing out that "cmd btool" is especially helpful in that it will show you the resulting configuration when you may have multiple apps' configuration files.

How do I find out the settings for a universal forwarder

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation