This worked for me on version 8.x recently. Thanks. ... View more

Yes, I did realize after reading this post that there was a splunkforwarder running in the box. After I stopped it, I was able to run splunk with 8089 port. The strange thing was, the netstat did not show the port usage by forwarder. Anyways, Thanks you Ryan you rock! ... View more

Something very worthy of note is that this only happens in our SHC, not on our stand alone nodes. I cannot even do a rolling restart of the cluster ... View more

This blog post was removed because it was determined to be misleading. The biggest issue with forwarded Windows events was that Splunk's TA for Windows did not properly support logs processed in this way with Splunk's primary content apps (ES, ITSI, Windows Infrastructure, etc.). For that reason, I am unfortunately not able to provide you with the content. I have initiated removal of the summary page content as well, thank you for pointing that out. The best practice to acquire Windows event logs is still to install our Universal Forwarder on the source systems. ... View more

I had this issue on a UF running on windows. The UF was missing the $SPLUNK_HOME/etc/apps/SplunkUniversalForwarder/. I ran a repair from the windows "Programs and Features". After the repair $SPLUNK_HOME/etc/apps/SplunkUniversalForwarder/ was present and error went away. Splunk UF 6.2.6. ... View more