Hello, I have a standalone SplunkEnterprisesystem (version 9.x) with 10 UFs reporting (SplunkEnterprise and the UFs are all Windows OSs) - the SplunkEnterprise standalone system is an all-in-o...
We use the zScaler proxy product and have it configured with NSS to collect logs in SplunkEnterprise. We also download the PhishTank URL watchlist into the Threat_Intelligence framework in Enterprise...
...ndexer. As a DS is a full SplunkEnterprise instance, it is not recommended to put UF on the same host. Where do i need to configure to tell it to monitor the OS syslog file a...
...ogs directory eg D:/App/system/logs to my Splunk, I have added through CLI using ./splunk add monitor D:/App/system/logs and restarted the service but unfortunately, still I am not receiving t...
...elow, let me know what other info you would like and I will provide it as soon as I can. Thanks for reading.
Stand-alone SplunkEnterprise
Version: 7.3.0
Build: 657388c7a488
CIM: 4.13.0
A...
Good Morning,
I'm trialing Splunk Cloud in anticipation of a purchase. I have installed SplunkEnterprise as the deployment server and universal forwarders on three servers. My clients are s...
...nd the props.conf is present on both HF as well as Indexers. The props.conf works perfect if I upload the data to a Single Instance SplunkEnterprise but does not work in HF--> Indexer scenario.
I...
...orwarded from a UF, the extractions don't work.
On the SplunkEnterprise server (Splunk 6.1.3 (build 220630) on RH 6.5), /apps/splunk/splunk/etc/system/local/props.conf has this stanza:
[t...