Activity Feed
- Karma Re: Splunk Light: After creating a server class to collect Windows event logs from one server, why am I unable to modify it or create an additional server class? for ChrisG. 06-05-2020 12:47 AM
- Got Karma for Splunk Light: After creating a server class to collect Windows event logs from one server, why am I unable to modify it or create an additional server class?. 06-05-2020 12:47 AM
- Karma Is there a yum/rpm repo for Splunk? for stefanlasiewski. 06-05-2020 12:46 AM
- Karma How do I remove indexed data? Such as specific data source? for clyde772. 06-05-2020 12:45 AM
- Karma Re: How do I remove indexed data? Such as specific data source? for Simeon. 06-05-2020 12:45 AM
- Posted Re: Splunk Light: After creating a server class to collect Windows event logs from one server, why am I unable to modify it or create an additional server class? on Getting Data In. 11-10-2015 09:55 AM
- Posted Re: Splunk Light: After creating a server class to collect Windows event logs from one server, why am I unable to modify it or create an additional server class? on Getting Data In. 11-10-2015 09:48 AM
- Posted Splunk Light: After creating a server class to collect Windows event logs from one server, why am I unable to modify it or create an additional server class? on Getting Data In. 11-10-2015 08:38 AM
- Tagged Splunk Light: After creating a server class to collect Windows event logs from one server, why am I unable to modify it or create an additional server class? on Getting Data In. 11-10-2015 08:38 AM
- Tagged Splunk Light: After creating a server class to collect Windows event logs from one server, why am I unable to modify it or create an additional server class? on Getting Data In. 11-10-2015 08:38 AM
- Tagged Splunk Light: After creating a server class to collect Windows event logs from one server, why am I unable to modify it or create an additional server class? on Getting Data In. 11-10-2015 08:38 AM
- Tagged Splunk Light: After creating a server class to collect Windows event logs from one server, why am I unable to modify it or create an additional server class? on Getting Data In. 11-10-2015 08:38 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 |
11-10-2015
09:55 AM
That's fine, timelines can be fuzzy & bugs slip through testing in even the best software. Thanks Chris!
... View more
11-10-2015
09:48 AM
Thanks for the quick response ChrisG,
So the behavior is a result of a known bug that should be fixed in a future release at which point I'll be able to modify server classes?
... View more
11-10-2015
08:38 AM
1 Karma
I'm evaluating Splunk Light for purchase and running in to some issues collecting Windows Event Logs from multiple servers.
I installed the Universal Forwarder on a few machines, then to test the setup, I configured a receiver, created a server class, and set it up to collect logs from the Windows App, Sec, & Sys logs which is working great. So I continued installing the forwarder on a number of other machines and that's where I ran in to an issue.
From looking through the UI and doing some Googling, it seems like Splunk Light isn't able to manage server classes, REALLY odd that you can create one and not modify it, but that would be absolutely fine if I had the ability to manage forwarder clients individually. However, it seems like that's not possible either:
I can't setup a forwarded data input without using a server class.
I can't add a new server to an existing server class.
I can't add multiple server classes with the same Windows Event Log inputs. When I try, I receive an error "Cannot create another input for the event log "Application", one already exists."
So how, are you supposed to collect forwarded Windows Event Logs from an additional server in Splunk Light?
... View more
