Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Universal Forwarder Stanza

iherb_0718
Path Finder
‎06-23-2021 03:46 PM

Universal Forwarder installed on a Windows server using all default settings.

Where can I find the stanza that has the types of events it is logging so that I can validate it received th

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-23-2021 05:40 PM

No one stanza has that information.  The best way, IMO, to see what a UF is sending to the indexers is use btool.  On the server running the UF, run this CLI command:

C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe btool -debug inputs list

You will need the admin credentials you defined when you installed the forwarder.  It will then spit out a list of all of its input stanzas and associated settings.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎06-23-2021 05:40 PM

No one stanza has that information.  The best way, IMO, to see what a UF is sending to the indexers is use btool.  On the server running the UF, run this CLI command:

C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe btool -debug inputs list

You will need the admin credentials you defined when you installed the forwarder.  It will then spit out a list of all of its input stanzas and associated settings.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

venkatasri
SplunkTrust
SplunkTrust
‎06-23-2021 05:35 PM

Hi @iherb_0718 

Open cmd line and navigate to %SPLUNK_HOME%\bin in Windows and execute the following command to find the input stanzas being configured by default.

 

splunk btool inputs list

 

---

An upvote would be appreciated and accept solution if it helps!

Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Elevating Digital Service Excellence: The Synergy of Real User Monitoring and Application Performance ...