I have a UF installed(v7.3.1) on CentOS with ulimits configured for max open files etc.
the file monitor input stanza looks as below:
[monitor:///<path_to_log_file>/*.log]
disabled = f...
I collect my data using UniveralForwarder, them send it to HeavyForwarder.
I would like to send a copy of data that enter into HF to a syslog server. On my HF, I have the following configs:
input...
Is it possible to forwarddata from source A to Indexer A and data from source B to Indexer B if I use the light forwarder? Or do I need to configure this in tranforms.conf and have to use the n...
I'm not exactly sure what is going on but when I installed universal forwarder and the receiver my splunk is getting this as data.
--splunk-cooked-mode-v3--\x00\x00\x00\x00\x00\x00\x00\x00\x00\x...
...older and data IS getting into Splunk Server. But when I check the Universal Forwarders etc/system/local/inputs.conf file I only see 2 lines [Default] and Host name. Nothing there about the d...
Hello fellow splunk users!
I am encountering a problem with indexing .csv files.
A bit of background story:
I am trying to index Windows Server 2003 data. Installing an universal forwarder d...
Hi,
I created a script input to collect data from scripts installed on forwarders and Splunk is not indexing.
Follow my steps to create a datainput:
1.Forwarded inputs » Datainputs » S...
...t index time based on the format of events sent via standard syslog input. However, I would much prefer to install theforwarder on the server and monitor the audit files directory while using the p...
...er
to monitoring logs on Syslog server.
Right now thedatainput is running on Heavy Forwarder but we already receiving the same data on our Syslogger server.
So we want to disable datainput o...