...ther servers with windows event logs being sent to the same linux splunk enterprise but those are using the regular [WinEventLog://Application] input. Why does this happen and how can i get our logs s...
...ogs.
- Heavy Forwarder collects all data from the UFs.
- Same HF acts as an intermediate forwarder and forwards raw logs received to a Remote Indexer, outside the Windows Domain.
- Remote I...
...howing up in "Forwarder Management" but I can't seem toget event logs from any servers except the deployment server. I have enabled firewall ports outbound 8089 and inbound 9997 on the deployment server. T...
Hello Splunkers, A few days ago most of serverclasses on our Deployment Server uninstalled itself an output app. As a result, splunkd was restarted on UFs and data stopped being forwarded from h...
I have the Splunk Add-On for Windows installed on my deployment server in order to help collect data from my windows machines (forwarders). However, when the data comes in - it is all condensed d...
Basically i am trying this deploymentwindows hosts: Installed the Windows TA app/configured inputs.conf with proper perfmon inputs etc.
Search head: Installed Windows app, should be able to s...
...Enterprise on the new instance. - Log intoSplunk Enterprise and confirm that yourdata is intact by searching it - Upgrade from 7.3.X to 8.1.X and then to 8.2.5 Should I apply these steps to e...
...eason I ask: it does not exist in my instance on the Deployment Server (only apps.conf in that folder); I am trying to figure out what it should be and howto fix what seems to be a broken "Splunk Add-o...
My setup is a single forwarder sending logs to a Splunk server. Both machines are running Windows 2008. After editing configuration files, I managed toget my forwarder's log to say:
11-21-2011 1...
...erver it is showing up and running and while using TTL the server is responding not Im unable toget the data on splunk.
I don't have much idea what could be the root cause it will be great if you could s...