cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
jonwick
Path Finder
Member since: ‎09-28-2020
‎11-29-2020
Community Statistics
Posts 24
Solutions 0
Karma Given 15
Karma Received 3
Member Since ‎09-28-2020
Activity Feed
Topics I've Started
View All

Re: Forward events to a subset of indexers cluster

by in Deployment Architecture
‎11-28-2020 10:32 PM
‎11-28-2020 10:32 PM
Thanks @richgalloway  ... View more

Re: Forward events from indexer cluster to another...

by in Deployment Architecture
‎11-27-2020 09:00 PM
‎11-27-2020 09:00 PM
Hi Splunkers, Hope someone can revert on my above question. ... View more

Re: No previous events when UF are installed

by SplunkTrust in Getting Data In
‎10-19-2020 08:27 AM
2 Karma
‎10-19-2020 08:27 AM
2 Karma
Windows is quite happy to install new versions of Splunk UF without uninstalling the existing one.  I've not tried re-installing the same version. To clear credentials, just remove the %SPLUNK_HOME%\etc\passwd file and restart the UF with a new user-seed file.  To clear configs, just delete the relevant .conf file(s) and restart the UF. Preserving the fishbucket is very reliable. ... View more

Re: Do I need Domain Account for UF when DC monito...

by SplunkTrust in Getting Data In
‎10-18-2020 11:43 PM
‎10-18-2020 11:43 PM
Hi @jonwick, you're welcome! Ciao and happy splunking. Giuseppe ... View more

Re: Are there any ideal exceptions where DS has to...

by SplunkTrust in Deployment Architecture
‎10-18-2020 06:57 AM
1 Karma
‎10-18-2020 06:57 AM
1 Karma
Actually there is one restriction for DS. You cannot use windows based DS for any other OS clients than windows. If you have other than windows clients then you must use Linux based DS which works with other OS too. r. Ismo ... View more

Re: Domain Account for UF

by SplunkTrust in Installation
‎10-08-2020 12:13 AM
1 Karma
‎10-08-2020 12:13 AM
1 Karma
i @jonwick, I usually install Universal Forwarder as a SYSTEM_LOCAL, but, as you can read at https://docs.splunk.com/Documentation/Forwarder/8.0.6/Forwarder/InstallaWindowsuniversalforwarderfromaninstaller#Choose_the_Windows_user_that_the_universal_forwarder_should_run_as  , you can install it also as a Domain Account. The reasons are: Read Event Logs remotely Collect performance counters remotely, Read network shares for log files, Access the Active Directory schema, using Active Directory monitoring. If you install as a domain user, you can choose whether or not the user has administrative privileges on the local machine. If you choose not to give the user administrative privileges, the universal forwarder enables "low-privilege" mode. Ciao. Giuseppe ... View more

Re: Universal Forwarder License changing

by SplunkTrust in Installation
‎10-01-2020 01:43 AM
1 Karma
‎10-01-2020 01:43 AM
1 Karma
Yes you can if you are collecting same stuff as earlier. Just stop UF, copy fish bucket to safe place then remove + install and before you start new one copy old FB back to splunk db dir. r. Ismo ... View more

Re: How to switch to a different deployment server...

by in Deployment Architecture
‎09-30-2020 11:30 AM
‎09-30-2020 11:30 AM
Thanks a lot @isoutamo  ... View more

Re: Splunk UF monitoring

by in Monitoring Splunk
‎09-29-2020 06:50 AM
‎09-29-2020 06:50 AM
Thanks for this possible solutions @Richfez  ... View more

Re: Health Check for UF

by SplunkTrust in Monitoring Splunk
‎09-28-2020 09:56 AM
‎09-28-2020 09:56 AM
You could check that all expected sources are still being received, but that's not specific to UFs. ... View more

Re: Internal logs Suffice Deployment Monitor Conso...

by SplunkTrust in Monitoring Splunk
‎09-28-2020 07:19 AM
1 Karma
‎09-28-2020 07:19 AM
1 Karma
The Monitoring Console (MC) only uses internal logs for its reports and dashboards. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎11-29-2020 01:53 AM
Karma from
View All
Karma given to