Unable to get the Symantec ATP logs from heavy forwarder to the indexer...
Hi All, Currently we are facing a problem in getting the Symantec ATP logs from heavy forwarder to the indexer instances, we have configured Symantec ATP logs to be collected via http event collector...
FireEye Add-on for Splunk Enterprise: How do I connect to a heavy forwarder?
I was able to simply install the FireEye TA on my all-in-one DevOps Splunk; configure the HX appliance to send JSON via HTTP POST to Splunk's API on 8089... without a problem I got the alerts in the...
Can you hard code indexers on a heavy forwarder as a backup to indexer...
I want to leverage indexer discovery, as it seems like an elegant solution, but I am concerned about data loss in the possibility that a Heavy Forwarder restarts while the Cluster Master is down. Can I...
Hard disk requirement for Splunk heavy forwarder
Can you please share the hard disk requirement for Splunk enterprise and Splunk heavy forwarder
Splunk DB Connect - Error message received when configuring for McAfee ePO logs
Hi, DB Connect - com.zaxxer.hikari.pool.HikariPool$PoolInitializationException: Failed to initialize pool: Login timed out Configuring DB Connect (v2) on HF to get mcafee ePO logs from Microsoft MS...
A few questions about TA-Meraki setup using Heavy Forwarders
Hello Myron, We would like to install the TA-meraki app for our meraki data but I need some clarification on a couple of things. We use heavy forwarders in our environment. Please let me know if you...
How do I fix my heavy forwarder? It crashed and requires a manual restart.
Hi, Need urgent help on splunk issue. On Heavy forwarder the splunk service got crashed and required manual start.
I would like to understand if it is possible to work with multiple CPUs in...
I would like to understand if it is possible to work with multiple CPUs in the Heavy Forwarder. In my current architecture, I have two Heavy Forwarders and both using only one CPU for processing...
cannot connect to cloud from heavy forwarder
I am unable to connect from HF (on windows) to splunk cloud. receiving is enabled on splunk cloud and HF as well on port 9997. Forwarding is enabled on HF to splunk cloud on port 9997 getting below...
Why can't I connect to Splunk Cloud from heavy forwarder?
I am unable to connect from HF (on windows) to splunk cloud. receiving is enabled on splunk cloud and HF as well on port 9997. Forwarding is enabled on HF to splunk cloud on port 9997 getting below...
On a heavy forwarder, can I forward a subset of data to syslog and drop...
Here is my situation: I have a Windows HF that is collecting a lot of different data. Some via powershell scripts, some via WMI, some via file monitoring locally and over UNC paths. All of that data is...
Help configuring props.conf and transforms.conf to filter Bro logs at the...
I am having trouble configuring my props.conf and transforms.conf to filter bro data at the heavy forwarder. Since the dns datasource is so chatty, I ONLY want to ingest events where the query field...
Is this normal? CPU is at 100% on search head and heavy forwarder with data...
We are using the Splunk Add-on for AppDynamics to pull in single API KPI's from our shared AppDynamics instance into Splunk. We have 78 inputs being pulled in. They are running on an interval of 5...
Event data filtering working in one environment but not in other.
I have two clustered environments consisting of 3 SH,3 Indexers and 1 HWF each running on Splunk 6.4.1. I need to filter out certain unwanted events coming from jms queues and send them to the...
How to send ESX logs via Splunk heavy forwarder in a Windows environment?
We have Splunk components (1 S.H + 1 IND + 2 H.F) installed in windows environment. I would like to configure ESX host to send logs to Splunk Heavy Forwarder and be able to Search data through S.H....
how is installing HF different from UF
hi, we are currently monitoring windows security event logs across 3000 machines in our organization using UF's, these UF's forward data to a HF and the HF routes data to a Syslog server (for backup)...
What are the differences between heavy forwarder and universal forwarder?
hi, we are currently monitoring windows security event logs across 3000 machines in our organization using UF's, these UF's forward data to a HF and the HF routes data to a Syslog server (for backup)...
Splunk app for DBconnect 3.x Not forwarding data to Index Cluster
Hi, We have a HF running DBconnect version 3.1.0 (also tried 3.1.1) It has the correct drivers installed and the inputs are correct, We can execute the SQL commands and when turning on local indexing,...
Heavy Forwarder not showing in Deployment Server
Hi Team, I am facing a very strange issue. I have two heavy forwarders, let's say host1 and host2. I am getting data from both host1 and host2 on Indexers but when only either of them get listed on...
HTTP Event collector not working for .NET logging
We are getting authorization error while calling the service from dot net or java client. It is working fine with curl command( -k option) but failing on the client side due to some certificate...