Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
5,000 results
Sorted by:
09-22-2022
02:38 AM
...p and running?
In case data are recovered after the forwarder restore, I suppose they are stored in the forwarder queue. Which limits this queue have? What is his size? Will be able to ingest all data...
Labels
- Labels:
-
configuration
Show results in replies (7)
-
The best practices is send those directly to SC without any gateway/intermediate forwarders. If t...
-
Thanks a lot. Your help is very usefull for us.
-
...ble to to try to limit data loss but I don't think you can ever call it highly available. A...
-
...rotocol and then it sent them to Cloud Environment. There is not a UF that forward the data to HF; the HF i...
-
...nd forward -> Data sent to cloud. About the reason of having not multiple HF I have not details; I...
-
...Fs if you want to avoid reread modular inputs data on case of recovery. r. Ismo
-
...et up HFs behind load balancer and use those syslog clients to send that traffic to VIP on LB and it forward...
03-17-2023
01:26 AM
Hello Community,
I am having issues connecting my Universal Forwarder with a Heavy Forwarder.
I have the following set up: UF-->HF-->IDx
I can see the logs from HF to IDx, but not sure w...
Labels
04-12-2023
09:05 AM
Hello! When I updated my Splunk Universal Forwarder, my data stopped sending data into Splunk. I do not know how to find the upgraded Splunk servers tcpout address I need to update in the S...
Labels
- Labels:
-
data
-
inputs.conf
-
universal forwarder
03-02-2022
06:52 PM
I have configured Heavy Forwarder to collect and forward syslog data to our Splunk Indexers. We purposely don't wish to use syslog server for the log collection due to other reasons. Now we also h...
Labels
- Labels:
-
heavy forwarder
01-11-2021
06:30 PM
1 Karma
Hello, I need to check to see if Syslog data is reaching my forwarders. What would be the best query to use to check this?
Labels
- Labels:
-
heavy forwarder
06-01-2022
10:35 AM
...nd it gets more and more confused: https://www.splunk.com/en_us/resources/videos/splunk-cloud-tutorial.html https://community.splunk.com/t5/Getting-Data-In/How-to-set-up-a-heavy-forwarder-to-forward-data...
Labels
- Labels:
-
heavy forwarder
Show results in replies (4)
-
You don't need a HF just to forward data. An intermediate UF will do just fine.
-
...n HF to forward my data to SPLUNK CLOUD and then know how to activate the license (when downloading t...
-
...nputs to gather data. there has to be a outputs config for forwarder to forward data to i...
-
As @gcusello said - it's a bit complicated to advise a proper architecture for a particular case. T...
02-14-2022
04:50 PM
...as paused the data flow. Forwarding to host_dest=<indexer_ip> inside output group default-autolb-group from host_src=<UF_server_hostname> has been blocked” which appears to be relevant....
excerpts from UF logs.pdf (67 KB)
Labels
- Labels:
-
indexer
-
universal forwarder
08-26-2021
03:04 PM
I am trying to implement a simple Splunk system on my local computer to learn a bit about how you set up forwards and get data into Splunk. I am running Splunk Enterprise on a CentOS 8 v...
Labels
- Labels:
-
universal forwarder
07-18-2022
03:38 PM
...nstalled on the syslog server, it forwards data to splunk IF I configure it
correctly. I have tried configuring the Splunk receiver two ways: one using the "Forwarding and receiving" option f...
Labels
- Labels:
-
other
Show results in replies (4)
-
Hello and thanks for the information, I think I understand now. I am forwarding logs from my s...
-
...ou need to install TA only on indexer. If instead you are using an Heavy Forwarder, it cooks data...
-
Hello Giuseppe, Wow fast response. I am using a Universal Forwarder on the syslog server - it forward...
-
...he syslog server, You configured your Forwarder to send data to the Indexer, you created an input t...
06-10-2019
08:20 AM
Hello all,
I have a working universal forwarder that happily sends data to my Enterprise indexer.
The data shows up under the forwarder's hostname on the indexer.
I would like to have a c...
