Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Universal Forwarder Stanza

iherb_0718
Path Finder
‎06-23-2021 03:46 PM

Universal Forwarder installed on a Windows server using all default settings.

Where can I find the stanza that has the types of events it is logging so that I can validate it received th

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-23-2021 05:40 PM

No one stanza has that information.  The best way, IMO, to see what a UF is sending to the indexers is use btool.  On the server running the UF, run this CLI command:

C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe btool -debug inputs list

You will need the admin credentials you defined when you installed the forwarder.  It will then spit out a list of all of its input stanzas and associated settings.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-23-2021 05:40 PM

No one stanza has that information.  The best way, IMO, to see what a UF is sending to the indexers is use btool.  On the server running the UF, run this CLI command:

C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe btool -debug inputs list

You will need the admin credentials you defined when you installed the forwarder.  It will then spit out a list of all of its input stanzas and associated settings.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

venkatasri
SplunkTrust
SplunkTrust
‎06-23-2021 05:35 PM

Hi @iherb_0718 

Open cmd line and navigate to %SPLUNK_HOME%\bin in Windows and execute the following command to find the input stanzas being configured by default.

 

splunk btool inputs list

 

---

An upvote would be appreciated and accept solution if it helps!

Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

BSides Splunk 2022 - The Call for Papers is now Open!

TLDR; Main Site: https://bsidessplunk.com CFP Site: https://bsidessplunk.com/cfp CFP Opens: December 15th, ...

Sending Metrics to Splunk Enterprise With the OpenTelemetry Collector

This blog post is part of an ongoing series on OpenTelemetry. The OpenTelemetry project is the second largest ...

What's New in Splunk Cloud Platform 9.0.2208?!

Howdy!  We are happy to share the newest updates in Splunk Cloud Platform 9.0.2208! Analysts can benefit ...