Universal Forwarder and Splunk Technology Add-on f...

aberdamy · ‎10-16-2013

Does anyone know if there are any docs out there that describe the design/architecture of the Universal forwarder and Technology Add-on for Windows? Has anyone had any issues with these forwarders on domain controllers? Does the agent leave anything behind when it is uninstalled?

thanks in advance,

aberdamy

lukejadamec · ‎10-16-2013

Other than the documents for the App and the information this Answers site there are none, you should contact Splunk Support if you're having a specific problem.

I have had issues with these forwarders on Domain Controllers - check points on log files can get 'lost' causing 24+MB/minute of splunkd logs, which can slow down the system. Another problem is that when logging is enabled on the DCs, it can slow down the system.

The agent should uninstall via Windows Control Panel > Uninstall cleanly.

lukejadamec · ‎10-18-2013

When the forward would act up it would slow down the indexer, but that was when it was 32 bit. It does not seem to effect the 64 bit system.
The DC logs will slow down the DC, but if you already have logging enabled the forwarder should not cause a problem.

aberdamy · ‎10-18-2013

Thanks for your reply. When you say "slow down the system" are you referring to the indexer or the domain controller after you installed the forwarder? Logging is already turned on for all of our dc's.

thanks

Universal Forwarder and Splunk Technology Add-on for Windows questions

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation