Hi Splunk Community,

I recently upgraded my Splunk Universal Forwarders from version 9.4.3 to 10.0, and since the upgrade, I’ve been experiencing issues with the forwarders sending security logs to my Splunk Enterprise instance (which is also running version 10.0). Here are some specific details:

Pre-upgrade, everything was working fine, and security logs were being ingested without any issues.

After the upgrade, I noticed that security logs are either not getting sent or are being delayed significantly. I've verified that the forwarders are still forwarding some logs, but the security-related ones aren't appearing in the index as expected.

The configuration files (inputs.conf, outputs.conf, etc.) on the forwarders haven’t been changed since the upgrade.

I’ve tried restarting the forwarders and re-checking the connectivity to the Splunk Enterprise instance, but the issue persists.

Has anyone else encountered similar problems after upgrading to 10.0? Could it be an issue with compatibility, or is there something specific I should look into? Any advice or troubleshooting tips would be greatly appreciated!

Thanks in advance for your help!