All, I've noticed by default that Splunk Forwarder gives itself /bin/bash in /etc/passwd. e.g. splunk:x:1001:1001:Splunk Server:/opt/splunkforwarder:/bin/bash I changed it to t...
Working with a hosting provider (Pantheon), they allow access to the access logs, but not to install a forwarder on their servers. So I installed a forwarder on a server I have control over and set u...
...understand there are methods for restricting forwarder to indexer access but not forwarder to index. I also understand that with proper forwarder configurations this shouldn't be an issue but given d...
...he physical hostname (which are the names identified by the splunk forwarder). Our Lookup table looks like this:
sys_name,srv_name
srv1,server-db1
srv2,server-db2
srv3,server-web1
s...
...unk at it? How is this traffic filtered or authenticated? Control of which index the data is dumped to seems to be in forwarder configuration, so the server seems to not have any control o...
...ield Access-Control-All-Headers is not allowed by Access-Control-Allow-Headers. error. My server.conf config is as follows
[sslConfig]
sslKeysfilePassword = $1$0RQz5YVamCN2
enableSplunkdSSL = f...
...dentical line 2 which is the column names. After adding HEADER_FIELD_LINE_NUMBER =2 (in props.conf on the forwarder), I'm still getting events with the column names, but now I'm ALSO getting events with j...
When enabling the receiving function in a Splunk Enterprise instance (indexer for example), it will be listening on port 9997 by default (changeable) and any forwarder with the information (indexer I...
I usually used a web application to control or edit settings for data forwarder. Yesterday, the web access to the localhost:8000 is disabled showing page not found. I checked netstat -an | grep 8...