What are the main differences between the Universal forwarder and Heavy...
Can someone explain to me in simple English the difference between these two forwarders and where they are used?
Configuration for heavy forwarder to store events locally when indexer is...
Dears, may I know how to configure Splunk heavy forwarder to store events locally in case the indexer is unavailable?
Heavy forwarder 6.5.0 is monitoring logs stored in file even though disabled...
Heavy forwarder 6.5.0 is monitoring logs stored in file even though disabled stanza is not specified in inputs.conf. When I am doing splunk cmd btool inputs list I am getting parameter as disabled = 1...
How does one Monitor the MySQL Binary Log?
Hi There...thanks in advance for any help you may provide. How do you monitor MySQL's binary log? I've got the Splunk Add-On for MySQL and DBConnect both installed. I've got a valid connection to the...
How to configure time zone settings for firewall data coming from a different...
Hi All, Currently we got a request to adjust the time zone based on the Plant location from where the firewall logs are being sent to the Splunk Heavy Forwarder instances and then get indexed in the...
Unable to search index="_internal" for heavy forwarder instance from search...
Hi All, Suddenly I am unable to search the index="_internal" for all heavy forwarder instances from search head console. When checked in the Splunk HF instances, could see...
6.6.3 issues reading syslog files after syslog rolls a file and restarts.
We log just about everything to syslog and have Splunk read the syslog files. This has been working forever until we upgraded from 6.6.1 to 6.6.3. Now, when syslog rolls a file, splunkd doesn't start...
Mixed single-line and multi-line events in heavy forwarder problem
I have a heavy forwarder (Splunk Enterprise 7.0) that needs to parse a very nasty log file. I am interested in only a few of the events, so the forwarder needs to discard most of them. Most of the...
ERROR TcpOutputFd - Read error. Connection reset by peer -- Error occurring...
So we've noticed this error on our heavy forwarder. I assume it means that our indexer cluster, for some reason, doesn't like the connection with the heavy forwarder? It looks as if I'm not missing any...
Heavy forwarder redundancy and HA
Hi, My client needs High Availability in the heavy forwarders. They are collecting events from devices on a datacenter and sending to the indexer in another datacenter. Those events are sent through a...
Logs by UDP syslog
Hi all, I have a very strange thing: I'm using Splunk 7.0.0 in all systems. I have two Heavy Forwarders with a Load Balancer Netscaler in front of them, that receive syslogs and send them to two Indexers....
How to route data to a specific index when we use a heavy forwarder?
I built a distributed Splunk Enterprise network. The network flow is like below *UF--->HF------->IDX----->SH* in which I monitor a log file using inputs.conf [monitor:///var/log/syslog] disabled =...
No persistentqueue attributes in outputs.conf. How to configure data...
I was referring to this link, [https://wiki.splunk.com/Community:Best_Practice_For_Configuring_Syslog_Input][1] to configure data buffering on Heavy Forwarder. The instructions provided talk about...
Is a Heavy Forwarder architecture supported?
Congrats on the new release! I have an AWS HF instance forwarding to on-premise indexers. Is this model supported? I didn't see mention of this model being explicitly supported or not supported and...
What is the difference between DEST_KEY= _TCP_ROUTING and DEST_KEY =...
Please give me a practical explanation of **DEST_KEY** usage in transforms.conf
Can a single UF forward data to multiple HFs?
Is it possible to send data from a universal forwarder to multiple heavy forwarders? If yes, how can I specify the HF group?
Minimal user permission for collecting data from MS
Hello, maybe anyone has worked with this; I can't find information about the minimum permission for the user from MS cloud through which we collect data to Splunk. We use this [manual][1] to configure. On...
Can I install the Splunk Supporting Add-on for Active Directory to a heavy...
Splunk app for Exchange is installed on Search Head, can I install AD support add-on which is a prerequisite for Exchange on Heavy Forwarder? AD connectivity can be easy from Heavy Forwarder (HF at customer...
Heavy Forwarder config to replicate Snare
Is there a config available that would push out the same format as Snare from a Heavy Forwarder? i.e. UniversalForwarder->HeavyForwarder->ForkTo: 1. Native windows log gets pushed to the indexer...
Is there a config available that would push out the same format as Snare from...
Is there a config available that would push out the same format as Snare from a Heavy Forwarder? i.e. UniversalForwarder->HeavyForwarder->ForkTo: 1. Native windows log gets pushed to the indexer...