I think what is happening here is that chronological order was the last sort order that you selected when you last visited the site. I just logged in to checked my cases in the support portal and did not have them listed in chronological order, they were sorted by Priority which was how I was looking at my cases a few days ago. I just changed the sort order to be reverse chronological, logged out, and then logged back in -- the cases were displayed in reverse chronological order. If that is happening for you, let me know and I can follow-up with the right folks ... View more

The wget command that I got from the download page is an http connection, not https, and it works as expected. green@fat ~ $ wget -O splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm 'http://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=Linux&version=6.2.2&product=universalforwarder&filename=splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm&wget=true' --2015-03-11 10:17:22-- http://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=Linux&version=6.2.2&product=universalforwarder&filename=splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm&wget=true Resolving www.splunk.com. 54.192.140.45, 54.192.140.114, 54.192.140.61, ... Connecting to www.splunk.com|54.192.140.45|:80. connected. HTTP request sent, awaiting response... 302 Moved Temporarily Location: http://download.splunk.com/products/splunk/releases/6.2.2/universalforwarder/linux/splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm [following] --2015-03-11 10:17:23-- http://download.splunk.com/products/splunk/releases/6.2.2/universalforwarder/linux/splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm Resolving download.splunk.com... 205.251.215.40, 205.251.215.22, 205.251.215.97, ... Connecting to download.splunk.com|205.251.215.40|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 13912657 (13M) [application/x-rpm] Saving to: `splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm' 100%[=====================================================================================================================================>] 13,912,657 8.23M/s in 1.6s 2015-03-11 10:17:25 (8.23 MB/s) - `splunkforwarder-6.2.2-255606-linux-2.6-x86_64.rpm' saved [13912657/13912657]` If you are concerned about the validity of the package you can also wget the md5 or sha512 has by appending the appropriate extension to the end of the file name ... View more

piebob is right, if the system does not recognize your number it will prompt you to enter it. This number should match the number associated with your support profile. You can check this number in the Support Portal under the My Profile section ... View more

enable_insecure_login is a setting that was added to allow a dashboard to be rendered in something other than Splunk. Are you doing that in your enviormnent? If not you probably want to disable the setting since it allows credentials to be passed in the clear (hence calling it insecure login). With that said I do not believe that setting is related to your setting. What version of Splunk are you running? Do you have update checking turned on? If you inspect the page in Firebug (or something similar) to do you see an insecure elements in the HTML? ... View more

What is the result when you look at the same view on your license master? Is your license master running 6 as well? ... View more

Check out this Answers topic: Output syslog to external Here is the relevant section of the documentation: Forward data to third party systems -- Syslog data ... View more

Our testing shows that the new S.o.S is fully functioning in Splunk 6. Sideview will update their compatability table after they have had time to run through their full test suite on Splunk 6. ... View more

If the forwarder was configured to index /var/log/messages/ then it probably just indexed the archived log files. ... View more

Yes if you delete Splunk while the process is still running the port will continue to be bound. ... View more

Can you share some details on the install? What platform are you on (linux, windows, etc.)? What is the method of removal that you used? What was the method of installation of the old version as well as 5.0? ... View more

Lowell is right, limiting the thruput is not solving the problem and will just cause your forwarders to fall over when their queues fill up. Filtering garbage events and setting alerts for when thruput spikes dangerously is how you should be addressing the problem. By delaying the amount of data a forwarder can send you are just slowing down the flow of data. The events from the spike will still need to be sent (its just going to take longer for them to get there). ... View more

enabling the app does not make an instance a universal forwarder. You must install the new universal binaries ... View more