I'm trying to use the Splunk App for SOAR to forward logs and events from SOAR to Splunk Enterprise. The servers seem to be connected (test connectivity works) but the data (events, playbook runs e...
...nd it gets more and more confused: https://www.splunk.com/en_us/resources/videos/splunk-cloud-tutorial.html https://community.splunk.com/t5/Getting-Data-In/How-to-set-up-a-heavy-forwarder-to-forward-data...
...p and running?
In case data are recovered after the forwarder restore, I suppose they are stored in the forwarder queue. What limits does this queue have? What is its size? Will it be able to ingest all data...
...nstalled on the syslog server, it forwards data to Splunk IF I configure it correctly. I have tried configuring the Splunk receiver two ways: one using the "Forwarding and receiving" option f...
I am trying to implement a simple Splunk system on my local computer to learn a bit about how you set up forwards and get data into Splunk. I am running Splunk Enterprise on a CentOS 8 v...
...onfigured to send all standard Windows log data to Splunk. We utilize Splunk to do domain and system cybersecurity event audits. I am confident my inputs.conf and Splunk forwarders are configured p...
...seACK = false
Note:
The configuration for forwarding the data to syslog can be found under [tcpout:forwarders_syslog]
The following errors are found on splunkd.log when the heavy forwarder t...
...as paused the data flow. Forwarding to host_dest=<indexer_ip> inside output group default-autolb-group from host_src=<UF_server_hostname> has been blocked” which appears to be relevant....
I have a Splunk universal forwarder, which is indexing a 1 GB log file to a Splunk Indexer. The problem I am facing is that the ingestion is happening very slowly (100K log entries per minute). I have tried s...
Hi,
I have a simple TCP syslog server in the same network where I have set up my Splunk Enterprise platform 9.10. I am trying to forward the data polled into Splunk Enterprise by Add-On apps to t...