You may need to run a diag and open a case with Splunk as more details/error information would be helpful. I have had issues with a particular app and needed to edit the web.conf but your information is a little unclear - have a look at the following, it may help. https://answers.splunk.com/answers/329466/why-am-i-getting-an-unresponsive-setup-screen-tryi.html#answer-342185 ... View more

After making changes and letting them persist for awhile I restarted the DMC - this did not change the instance name to the configured new instance name even after a restart of the DMC. I then applied all changes - and that did the trick! Apply Changes on DMC -> Settings -> General Setup ... View more

I downvoted this post because there needs to be a better way to accomplish this. for a small/new environment this is fine but when you have 50+ devices this isn't a viable solution. ... View more

version/OS info would help, have you tried restarting from the CLI? ... View more

I'd love to see the powershell script you have or a partial as i"ll be needing to do the same. ... View more

Looks like 6.2.8 is the latest from what I see: https://www.splunk.com/page/previous_releases/universalforwarder#x86_64windows Windows 7, 8 and 8.1 (64-bit) Windows Server 2003, 2003 R2, 2008, 2008 R2, 2012 and 2012 R2 (64-bit) 6.2.8: splunkforwarder-6.2.8-275559-x64-release.msi Release Notes ... View more

Can't wait, looking forward to it! ... View more

Something that's bitten me in the past, are you testing from the CLI as the same user that Splunk is running as? ... View more

Great news, I've been on the lookout for this since I saw the recording! Thanks ... View more

I don't believe that you will be able to fix this with the Splunk tuning, have you looked at what the other remote application is doing and how the requests are being opened? More information on the remote application would be helpful. Here's a link that might be helpful. http://unix.stackexchange.com/questions/10106/orphaned-connections-in-close-wait-state ... View more

My apologies, I should have posted this. This works up to 6.4.3 UF's... I would still prefer to have the ability to overwrite the hostname as I needed to rewrite some validation scripts to account for this using the clientName field: Windows C:\Program Files\SplunkUniversalForwarder\splunkforwarder\etc\system\local\deploymentclient.conf" and change the "clientName = XXX" This requires creating a "deployment-client" stanza and adding a "clientName = XXX" before the target-broker and targetURI: Example: [deployment-client] clientName = XXX [target-broker:deploymentServer] targetUri = 10.1.1.1:8089 ... View more

Glad to see I'm not suffering alone! I'm looking to leverage the Deployment Server an/or DMC to come up with a workable solution. With the amount of cloning and remames this is a bit of an issue with nearly 7000 UF's. ... View more

Did anyone get this regex to work? ... View more

Thanks for your response, however the documentation doesn't align with the reality of my experience and testing. ... View more

Did you try the new app? https://splunkbase.splunk.com/app/2648/ ... View more

I am looking to override the Host Name in the Forwarder Management but I have been unsuccessful. Changing the clientName in deployment.conf changes the Client Name but not the Host Name. We have changed the inputs.conf to reflect the new name but need to have consistency for scripting with the Host Name in Forwarder Management. All changes/testing were done in C:\Program Files\SplunkUniversalForwarder\etc\system\local and we need to be able to do this in both Windows and Linux - any idea what I may be missing? ... View more

As rc.local runs these commands after Splunk starts I put this in init.d so upon restart Splunk logs the correct/current status on reboot. ... View more

Wow, this seems fairly counter-intuitive since the Save button is grayed out until you run the search. ... View more

I'm not sure if I understand the difference? If you are changing the label you need to change it on all of the search heads in the SHC in addition to having it consistent on the Deployer. A word of caution on 6.3.2, please ensure you have the config correct for the ./splunk init shcluster-config command - I had to re-configure the entire cluster to get this functioning properly. Additionally you will want to try to avoid using a "$" in the secret as when I got around to installing apps this appeared to cause issues in the CLI. ... View more