Sometimes due to a space issue, we have to stop the forwarder from sending data to Splunk.
However, when we start the forwarder, it sends the data which was not indexed during the time it was s...
Am I just missing something or being stupid or are there no persistent queues when using Splunk2Splunk with SSL?
I see indexer acknowledgement in 4.2.1 but how does one protectagainstlossofin...
I am using Universal Forwarder on Windows machines to forward events generated by a script.
Question: What happens if the indexer(s) cannot be reached for some reason? Are the events buffered l...
I have an index on server-a called wifi that data is going into continuously. I want to move that index onto server-b. There is currently only one input coming into the index.
My plan i...
I create a forwarder on a remote site. The speed of network is limited. I need transfer the event log in middle-night on the forwarder.
How can I configure the transfer start at middle-n...
How does the Splunk Universal Forwarder handle the condition when SPLUNK TCP is used as the communication method and the Splunk Indexer is down? (maintenance, someone disconnects the server, ...)
a universal forwarder will request to resolve XXXXXX (DNS) and it may get an IP address of the indexer that is no longer available
in that case, it doesn’t have another address to try, so what w...
Hi everyone,
Currently we are trying to introduce indexer acknowledgement to protectagainstlossofin-flightdata.
We have a strict networking environment that only allow open port when t...
Is there any advantage to sending data from UFs to an intermediate HF instead of directly to indexers?
I recall reading that by relaying data UF > HF > indexer, there are certain a...