Hello everyone, I'm currently collecting logs from a Fortigate WAF using Syslog, but I've encountered an issue where, after running smoothly for a while, the Splunk Heavy Forwarder (HF) suddenly stops receiving and forwarding the logs. The only way to resolve this is by restarting the HF, after which everything works fine again, but the problem eventually recurs. Could anyone advise on: Possible causes for this intermittent log collection issue Any specific configurations to keep the Syslog input stable Troubleshooting steps or recommended best practices to prevent having to restart the HF frequently Any insights or similar experiences would be much appreciated! Thank you! ... View more

Hi everyone, I'm currently working on integrating Trellix ePolicy Orchestrator (ePO) logs into Splunk for better monitoring and analysis. I would like to know the best approach to configure Splunk to collect and index logs from the Trellix ePO server. Specifically, I’m looking for details on: Recommended methods (e.g., syslog, API, or other tools/add-ons) Any Splunk add-ons or apps that facilitate ePO log ingestion Best practices for configuration and parsing these logs in Splunk Any guidance or references to documentation would be greatly appreciated! Thank you! ... View more

Hi Splunk community,   I'm facing an issue with my Splunk deployment server, running on version 9.2.1 (splunk-9.2.1-78803f08aabb-linux-2.6-x86_64-manifest). I’ve added new configurations to the inputs.conf file for a WebLogic server within a specific deployment class. After making these changes, I pushed the configurations to the target WebLogic server and triggered a restart. Unfortunately, the new settings in the inputs.conf file are not being applied to the WebLogic server, even though the deployment server logs indicate that the service was successfully restarted. Has anyone experienced this issue or can offer advice on what might be causing the problem and how to resolve it? Thanks in advance! ... View more