Howdy fellow Splunkers! I have tried to find a previous article but I must be missing it if there is one. I need help as I am doing some app/add-on updates for the first time and hit a roadblock. I have an app installed currently and the app folder in deployment-apps is titled: forescout-app-for-splunk_291 and the new one is called forescout-app-for-splunk. They took off the version number.  I was not the one who installed the first one so I'm not sure what their thinking was. I am using a Deployment Server and can't figure out how to get it to replace the version one with the non version one. If I just install it like a new app, then both are on the SH and I am afraid of losing any config from the first app. Oh man, I really hope that made sense. Any help is greatly appreciated! ... View more

Howdy Splunkers! First post here. I am looking for any information on the amount of resources a Universal Forwarder potentially uses on the server it is installed on when we are collecting IIS and/or winevent logs. All I can find in Splunk Community is "Universal forwarders use limited resources" which doesn't help me much. As part of my onboarding process of bringing server logging into Splunk, I want to make sure that we consider the host resource usage as part of the considerations in the deployment planning in addition to the customary storage capacity those logs will need. Currently, I need to install a UF on an IIS server which is extremely over-used and I want to try to understand how much the UF will add to the host server as I need to make sure the extra resource usage won't negatively affect or bring down the server. I appreciate your time and hope this makes sense. Thank you so much for your help! ... View more