error posting to snow_proxy among other snow_... areas
Hi, I am trying to get the ServiceNow add-on to work on a distributed Splunk infrastructure namely a HF. I have tried configuring it from the GUI and conf files, though there are differences as to how...
View ArticleQualys Technology Add-on (TA) for Splunk: Why am I receiving "Error during...
We have Qualys Technology Add-on (TA) for Splunk installed on a Heavy Forwarder that stopped working shortly after this error came up. This is the log in full: TA-QualysCloudPlatform:...
View ArticleSplunk DB Connect: How to properly upgrade from 2.1.2 to 3.0.1?
We are currently at v2.1.2 of Splunk DB Connect running on our heavy forwarder in a distributed environment. I want to upgrade to eventually get to version 3.0.1 but the upgrade path says to upgrade to...
View ArticleHow to filter XmlWinEventLog in Heavy Forwarder with regex?
Hi, I have XML rendered log from sysmon and i need to extract from this log only interesting fields, for example:...
View ArticleWhy is data segregation by index not displaying events?
I'm trying to segregate data coming from a specific Heavy Forwarder using a specific index (my_index). So as per Answers and Manual: 1. I defined also "my_index" index on the two Indexers that receive...
View ArticleWhy are Windows Event Logs not forwarded after installing a new Windows server?
Hi there, I have the following issue detected in our environment and I'm not sure where the problem comes from. We have several Windows Server monitored with a heavy forwarder. The Event logs are...
View ArticleHow to max out Windows forwarder file descriptors limits?
I'm trying to max out Windows forwarder file limits. When using "max_fd" in limits.conf, I get the following warning: WARN TailingProcessor - Constraining max_fd from requested '20000', will use...
View ArticleWhat is the recommended hardware requirement for Heavy Forwarder that is...
What is the recommended hardware spec for a HF that is now indexing locally. Essentially, I know it's an Indexer that is just forwarding, so do we treat it as such in terms of hardware requirements?...
View ArticleTripwire Enterprise App for Splunk Enterprise: Why am I not able to see data...
Hello all, I have a test environment on a RHEL 7 server that is running Tripwire Enterprise App for Splunk Enterprise and Splunk trial on the same machine. I've loaded the Tripwire Enterprise App on...
View ArticleHow to resolve the Fail to update configuration for add-on error on heavy...
Hi I Installed a Add-on on the Heavy Forwarder, when I try to setup the Add-On using API and credentials, its showing the error "Fail to update configuration for add-on xxx" but the add-on is working...
View ArticleHow to find out the frequency time difference between each indexer receiving...
Hi All, currently we are facing an issue, where one of the indexer is consuming more space compared to other indexers instance in our evironment and they all share the common indexes.conf, outputs.conf...
View ArticleWhy do I receive error "TypeError: object() takes no parameters" while...
Hi, Since Splunk does not support Splunk add for SCOM, we are using splunk packaging tool kit to breakup the addon and deploy the various component. we have a heavy forwarder which is on premise. we...
View ArticleHow to send JSON data (sent via HTTP POST) to a heavy forwarder?
Currently I have a security appliance sending JSON data via HTTP POST to an all-in-one stand alone Splunk test instance. Now I want to send the JSON data to an intermediate Heavy Forwarder in...
View ArticleSplunk Add-on for Amazon Web Services: How to resolve error...
Hi, I am trying to onboard S3 data into AWS Cloud. I am using Splunk Add on for AWS on heavy forwarder. I have added the input for S3. This is the error I am getting. 04-03-2017 19:07:11.209 +0000...
View ArticleProps/ Transforms problems - Meraki
Hello everyone! I'm trying to use props/ transforms to set a sourcetype and change the hostname of my devices. Currently they are coming in as sourcetype=syslog My event looks like this: **Apr 3...
View ArticleHow to configure TCP port on NetApp filer for forwarding the syslog messages...
Hii. I Have netapp filers running on 8.2.x and 8.3.x and did setup forwarding the logs to Splunk heavy forwarder. Would like to know how to use only TCP port for forwarding the logs to heavy forwarder....
View ArticleDiagnosing Issues with Python and Splunk Add-on for EMC VNX data_loader...
We are trying to perform storage monitoring and both the EMC VNX and EMC XtremIO seem to be running python scripts as part of the Splunk Add-on for EMC VNX that break after a period of time. I think...
View ArticleTransform on DBConnect Input Removing Field
Hi, I have an SQL input being consumed via DBConnect 2.4 which has several fields including 'Message' and 'Originating System'. They are currently being sent to our indexers under the sourcetype...
View ArticleHow to adjust the timezone with Splunk DB Connect and Splunk Cloud?
Hello all, I'm having a bit of an issue with getting the time to get parsed correctly in my Splunk DB Connect data. The setup is that we have DBX running on a heavy forwarder collecting data and...
View ArticleSending data to Splunk Cloud using multiple outputs.conf for mobile systems.
I am interested in the community's thoughts on forwarding data to Splunk Cloud for mobile systems. Currently I am working to consolidate all my Universal Forwarders to forwarder their data thru a Heavy...
View Article