Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Universal Forwarder Stanza

iherb_0718
Path Finder
‎06-23-2021 03:46 PM

Universal Forwarder installed on a Windows server using all default settings.

Where can I find the stanza that has the types of events it is logging so that I can validate it received th

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-23-2021 05:40 PM

No one stanza has that information.  The best way, IMO, to see what a UF is sending to the indexers is use btool.  On the server running the UF, run this CLI command:

C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe btool -debug inputs list

You will need the admin credentials you defined when you installed the forwarder.  It will then spit out a list of all of its input stanzas and associated settings.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-23-2021 05:40 PM

No one stanza has that information.  The best way, IMO, to see what a UF is sending to the indexers is use btool.  On the server running the UF, run this CLI command:

C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe btool -debug inputs list

You will need the admin credentials you defined when you installed the forwarder.  It will then spit out a list of all of its input stanzas and associated settings.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

venkatasri
SplunkTrust
SplunkTrust
‎06-23-2021 05:35 PM

Hi @iherb_0718 

Open cmd line and navigate to %SPLUNK_HOME%\bin in Windows and execute the following command to find the input stanzas being configured by default.

 

splunk btool inputs list

 

---

An upvote would be appreciated and accept solution if it helps!

Tags (2)
0 Karma
Reply
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Get Updates on the Splunk Community!