×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Kat7
Explorer
Member since: ‎09-14-2020
‎04-15-2026
Community Statistics
Posts 7
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎09-14-2020
Activity Feed
View All

Re: Send PDQ Connect Audit Logs to Splunk

by in Getting Data In
‎04-15-2026 05:41 AM
‎04-15-2026 05:41 AM
It is a cloud based service so there's no where for me to install an agent, unfortunately.   ... View more

Send PDQ Connect Audit Logs to Splunk

by in Getting Data In
‎04-14-2026 06:33 AM
‎04-14-2026 06:33 AM
Hello,  I would like to automatically send the audit logs from PDQ Connect into our Splunk environment.  I can manually export the PDQ logs from the web interface and upload them into Splunk, but I would like to not have to do this. Has anyone been able to accomplish this? Thank you ... View more
Labels

Re: Remotely run .spl file

by in Installation
‎02-14-2024 05:04 AM
1 Karma
‎02-14-2024 05:04 AM
1 Karma
What I ended up doing was copying the .spl file here (after creating the Desktop folder) C:\Program Files\SplunkUniversalForwarder\bin\Desktop. Then I copy the applicable Forwarder Management app folders are here: C:\Program Files\SplunkUniversalForwarder\etc\apps.  The best way I found was to compare the folders on your test machine to a computer that you previously set up "correctly," and then copy over any missing folders.  These will generally be the same folders every time.  Then I open an administrator command prompt and run these commands:         cd "C:\Program Files\SplunkUniversalForwarder\bin"         splunk restart Once the last command finishes, you should be good to go. My PDQ deployment looks like this: Step 1: Install Universal Forwarder Step 2: Powershell script       New-Item -ItemType "directory" -Path "c:\\program Files\SplunkUniversalForwarder\bin\Desktop" Step 3: File Copy- Copy .spl file into the folder created in step 2. Step4: File Copy- Copy any needed app folders into here (if multiple app folders need to be copied over, each folder will be its own step in PDQ):                  c:\\Program Files\SplunkUniversalForwarder\etc\apps Step 5: Command Prompt-                 cd "C:\Program Files\SplunkUniversalForwarder\bin"                 splunk restart Hope this is helpful! ... View more

Re: Forwarder for iPhones

by in All Apps and Add-ons
‎08-11-2023 04:48 AM
‎08-11-2023 04:48 AM
Thanks!  I'll take a look there. ... View more

Is there a forwarder for iPhones?

by in All Apps and Add-ons
‎08-10-2023 12:43 PM
‎08-10-2023 12:43 PM
Hello,  We have company iphones, managed with Jamf Now, that we would like to collect logs on.  Specifically, we would be most interested in the login attempts. Is there a way for us to collect those logs and send them to our Splunk Cloud environment? Thank you! ... View more
Labels

Re: Remotely run .spl file

by in Installation
‎09-22-2021 07:59 AM
‎09-22-2021 07:59 AM
I gave that a try but the computer still doesn't show up in the cloud.   ... View more

Remotely run .spl file

by in Installation
‎09-21-2021 12:41 PM
‎09-21-2021 12:41 PM
I'm working on building a remote deployment for the Splunk Universal Forwarder with PDQ Deploy on our Windows 10 computers.  I can run the initial splunk forwarder .msi installation without issue, but when I try to run the .spl file to sync the computer to our Splunk cloud environment, it errors out every time. The command I'm using works fine when I run it locally, but I get "login failed" when I run it through PDQ. cd "C:\Program Files\SplunkUniversalForwarder\bin" splunk install app \splunkclouduf.spl -auth username:password Is there a tweak I can make to the command or another way to accomplish the sync to our cloud environment? Thanks in advance! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎04-15-2026 05:38 AM
Karma from
View All
Karma given to
View All