Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
10,000 results
Sorted by:
11-05-2021
09:39 PM
...iles to the folders where monitor command pointing to pickup the files, it is not forwarding events to the SPLUNK indexer since I cannot see those events within SPLUNK. However, when I t...
- Tags:
- HF-Linux Machine
Labels
- Labels:
-
heavy forwarder
-
Linux
02-14-2022
04:50 PM
I am operating in an environment with a standalone Splunk Enterprise instance running v8.1.3 on RHEL. In my environment I have around 350 Universal Forwarders that have been up and running f...
excerpts from UF logs.pdf (67 KB)
Labels
- Labels:
-
indexer
-
universal forwarder
Show results in replies (8)
-
Further to the above information: I can perform the following tests from powershell on the trouble...
-
Hi @mike_k, did you tried (only for debugging) the connection without SSL? If, without SSL, ...
-
Hi stupid question, but you have restarted those UFs after app has installed? r. Ismo
-
...utputs.conf (using splunk btool server list --debug) on the troublesome Universal Forwarder (UF), I c...
-
...roublesome Universal Forwarder today, however am still getting the same results.
-
...bout the logs on _internal, I suppose that the first logs were received when you installed the Forward...
-
UF's pass4SymmKey is used for authentication only if you are using indexer discovery to get list of...
-
...niversal Forwarders had been installed by someone outside our team and therefore had been installed s...
11-08-2021
09:30 AM
Is there a way to find which forwarder a devices event logs came from. I have hundreds of devices sending WEC logs through WEC servers, I could really do with an easy method to pinpoint where they c...
Labels
- Labels:
-
using Splunk Cloud
09-29-2021
07:50 AM
Hello everyone, I hope you all are doing well. I have been tasked to update Splunk enterprise to the 8.2.1 version and the forwarders to 8.1.4. Does anyone know if this upgrade is going t...
Labels
- Labels:
-
other
-
summary indexing
Show results in replies (3)
-
...ystems that are legacy are rhel 6. I am just afraid that upgrading the forwarders on these systems f...
-
...s fine on the server its on, itll upgrade and communicate with the upgraded windows and rhel 7 forwarders...
-
It's not the RHEL version you should be looking at, but rather the kernel version. Kernel ver...
04-06-2022
09:08 PM
hi all,
how can i send the same data from one universal forwarder to multiple universal forwarder ?
is there a way to configure this ? if yes, please tell me the process.
Labels
- Labels:
-
configuration
Show results in replies (7)
-
Yes you can but it will hit the license meter twice so you need to cautious about that. ...
-
You can specify multiple outputs in the outputs.conf file - each event will be sent to all defined ...
-
it should be the same way you generally forward data to indexing tier [tcpout] d...
-
...ach event would get forwarded to one of the destinations from the group only. It would not get forward...
-
can we transfer the same data from SplunkUF to two different groups? @PickleRick @mayurr98&...
-
It's not that simple. Splunk counts the licence usage based on raw data that is written to indexes ...
-
...o that each event gets forwarded to all of those groups.
03-01-2022
12:02 AM
hi, i know many have answered this question before but i didn't find any perfect and detailed answer. Setup :- UF ---> HF -----> IDX Q1. i have a file called test.txt ( Location ...
Labels
03-30-2022
04:27 AM
hi again 🙂
after upgrading our 26 linux universal forwarders from 7.x to 8.2.5, one of them will not run anymore. it immediately shuts down itself after start. splunkd.log shows nothing s...
Labels
- Labels:
-
Linux
-
universal forwarder
-
upgrade
Show results in replies (4)
-
...his app adapted to my needs to upgrade my forwarders. for some reason, on the not running forward...
-
Hi @pbnl, good for you if you solved your problem, please accept the answer for the other peo...
-
ok. i will do. and indeed, you can help me with another issue. but in a new thread 😉
-
Hi @pbnl, did you checked the available memory? did you checked if the old installation is a...
02-18-2021
08:45 PM
HI I have a web UI connection into the Heavy Forwarder over port 8000. Is there a way I can view a list of universal forwarders that are sending to this Heavy forwarder?
Labels
- Labels:
-
configuration
05-10-2021
09:37 AM
...ant to mess with IE as that would involve security and I would rather not point out this hole until after I have the forwarder downloaded and installed.
Labels
- Labels:
-
universal forwarder
-
Windows
04-05-2022
12:50 AM
Hello community
Trying to figure out what is blocking/affecting UF on Windows
Agent was installed using CLI
msiexec.exe /i splunkforwarder-<version>-x64-release.msi DEPLOYMENT_SERVER="<...
Labels
- Labels:
-
universal forwarder
-
Windows
Show results in replies (9)
-
...uppose that you already configured forwarding (outputs.conf) on UF and receiving on Splunk E...
-
...onfiguration has whitelisted _internal though there is nothing being forwarded so there is n...
-
Not stuped at all. And yes, running as administrator. While the background service is running the ...
-
@gcusello I'll start there, thank you. Any experience/thoughts regarding the failure to run s...
-
Hi @fatsug, I suppose that you configured your Intermediate HF to receive logs from UFs and forward...
-
Hi @fatsug, are you meaning that running a command as splunk status in the $SPLUNK_HO...
-
Hi @fatsug, a very stupid question: do you runned CLI commands on a cmd windows using "Run a...
-
Exactly, tried several different: splunk list forward-server splunk list monitor splunk stop &n...
-
...resent) on Heavy Forwarders, because the pass through a full Splunk instance (as HF) coockes the data that c...
