I just set up the UF on my DC (it's a lab environment) and I can confirm that both are connected on the specified ports using netstat but I'm not getting any logs from my DC. I'm also using Splunka...
Hi
I am running a heavy forwarder with HEC and it is sending datato 3 indexers. I am starting to read about ways to optimise this configuration, but I am not sure if I have all the s...
hi All,
HF's OS was recently migrated to RHEL from centos. Since then HF's are not sending any input datatosplunk.
though i can see internal logs.:
I can see in internal logs error : C...
...hose files with the idea that these logs will be sent to the indexers (because I already have the output file with the config tosenddata from HF toindexers)
But, I dont see any logs being index...
Hi all,
I have been trying to identify a list of the current forwarders that are sending datato our single Splunkindexer. Is there a section within Splunk where I can find this or even a search q...
Hello, I've just installed the SplunkAdd-on for Microsoft Windows and I will be collecting data from UFs that forward first toa HF and then toan indexing cluster. The app will b...
Looking to create an alert if a host on a lookup stops sending datatoSplunkindex=abc. I have created a lookup called hosts.csv with all the hosts expected to be logging for adata source. Now i n...
...nformation (eg wineventlogs, secure, auth logs) needs to be sent toindexer1_group && the perfmon/metrics/application dataset etc, needs to be sent toindexer2_group. So not data cloning but specific data...
...y UF is able to connect to the indexers, but no data is sent.
07-09-2016 00:21:15.670 +0000 INFO TcpOutputProc - Connected to idx=x.x.x.x:9997
My test logs directly on the indexers were sent to...
Hi everyone, I am trying toindexdata from a single log file to different indexes but i can't do it, i have this data wich need to route to diferent indexes: svr80001.xxxxxx.com [UDP: [172.22.175...