Heavy Forwarder Redundancy (with DB Connect, AWS-Addon)
Hi Experts and Splunkers, We have an existing Splunk environment which consists of: - 3 x clustered Search Heads - 3 x clustered Indexers - 1 x heavy forwarder which has several add-ons (like DB conn,...
View Articleoverwrite index on heavy forwarder based on port
Hi. We are about to ingest logs from multiple suppliers, where the individual supplier has full control over their infrastructure. My take was to to create a couple of heavy forwarders and dedicate a...
View ArticleIs it possible to use the same certificate for web UI access and data...
As in title, I was wondering if it is possible to use the same certificate on Heavy forwarders for access to the web UI and as a server cert for server forwarding. looking at here:...
View ArticleWebsite Monitor Alerts Lagging
I have a few web monitor inputs configured on a Heavy Forwarder to ping a url every minute. I then set up alerts on this to alert me if I get less than 25 pings with response_code=200 within 30...
View ArticleHeavy Forwarder Installation version compatibility
Currently we are running with Splunk Cloud 7.2.9.1 version the same applicable for indexers ,cluster master and search heads. So we have recently build a heavy forwarder server so that can i go ahead...
View ArticleTcpout Processor: The TCP output processor has paused the data flow....
I have a new Splunk deployment with a multi-site index cluster. I currently have setup heavy forwarders using indexer discovery and assigning them to the primary site. In my DMC all health checks and...
View ArticleWhy did Splunk restart heavy forwarder?
Got an alert for a HF restarting and trying to find the root cause of unexpected restart. I'm using the search below and the results shown are at the start of the event which led to the "Starting...
View ArticleSplunk Enterprise & UF on the same machine
I have inherited a Splunk installation from the previous administrator where there is a heavy forwarder **and** a UF installed on the same machine. Since this is a bad practice in terms of performance,...
View ArticleMicrosoft Azure Add-on - No data received and getting error when looking into...
Hi All, I'm trying to use the Microsoft Azure Add-on for Splunk and was successful in getting this add-on to ingest Azure AD User data via the supplied input. When trying to use the Azure AD Sign-in...
View ArticleUniversal Forwarder hardware specs
We are looking to deploy an Intermediary forwarding tier consisting of 3 Universal Forwarders going to Splunk Cloud. The 3 UFs will be receiving data from 3 Heavy forwarders which will load-balance...
View ArticleSplunk Arcitechture with HA for all components in a large deployment
Hello, dear Splunkers, We want to deploy Splunk in our company and one of our important concerns is High Availability. Would you please suggest me an architecture that covers HA for all Splunk...
View ArticleHow to configure time format in props.conf to parse the original time in the...
I've got logs that have time being sent to a syslog - the syslog is also putting a time on it to track when the logs hit the syslog. I want Splunk to parse the original time in the log, and I've tried...
View ArticlePerfmon:CPU timestamp
Hello! I'm trying to change the timestamp (_time) from Perfmon:CPU before index, to use my Splunk Heavy Forwarder date instead of the original event timestamp. The Perfmon:CPU _raw is: 05/07/2020...
View ArticleGetting error with Microsoft Azure Add on for Splunk: Unable to initialize...
Just installed both versions of Microsoft Azure Add on for Splunk on Heavy forwarder. When I open the inputs area nothing happens, just spins. Eventually, the following error shows up in messages:...
View ArticleCan I use the same Splunk Cloud heavy forwarder to send data to on-premises...
I have a heavy forwarder currently sending data to Splunk Cloud. Can I use the same heavy forwarder to stop data sending to Splunk Cloud and start sending data to on-premises Splunk? If yes, then how?
View ArticleHow to forward all indexed data from all indexes from heavy forwarder to...
I am using Splunk Free, and the Splunk add-on for AWS, attempting to index and forward generic s3 data with a custom index name to a Splunk Enterprise instance. It looks like data is being indexed, and...
View ArticleSplunk AWS Heavy Forwarder Web link not accessible.
Hi All, I am unable to login to Splunk Heavy Forwarder weblink access. and it showing that the page is not displayed. Please help me resolve the issue. Regards, Vijay .K
View ArticleHow to limit heavy forwarder bandwidth in limits.conf?
Hello guys, is it possible to limit Heavy forwarders bandwidth like UF (setting [thruput] in `limits.conf` for forwarders)? Thanks.
View ArticleLogs not coming
Logs are not coming to splunk enterprise. I've found below error in splunkd.log file in (../splunkforwarder/var/log/splunk/splunkd.log) error: "05-20-2020 10:33:28.196 +0000 WARN...
View ArticleHF data forwarding to 3rd party design validation
I have a requirement to push a subset of universal and heavy forwarders originating data to a third party, for which I enabled a set of HFs for data forwarding alone. This is working fine, as data...
View Article