Thanks, that does the trick. I have used OSSEC rules before so it was familiar. I was mostly interested in the party line (best practice) on this situation.
Thanks @jd260. If I had found this answer this morning, it would have saved me hours of work.
Why this isn't in the Splunk docs is a mystery.
This is still an issue. I'm running 5.0.4. Not as benign as indicated either: the bug causes TCP connections to open and close, delaying real-time traffic into the indexes and having UFs show up as "missing" in the Deployment Monitor.
Does anyone have more specific information on where/how to run both the delete and clean commands? I am inexperienced with Splunk and am not sure what a lot of the forum answers are referring to. My end goal is to remove one of my servers completely from the "Hosts" list. So far all I have done is uninstall the "Universal Splunk Forwarder" from the server I would like removed from Splunk.
The known issue n8 mentions is this one:
Deployment server: 'splunk reload deploy-server' command causes Linux host to freeze. (SPL-62493)