Route data on Heavy Forwarder is not working
Hi guys I tried hard here and read some docs: (https://docs.splunk.com/Documentation/Splunk/7.1.0/Admin/Inputsconf) (https://docs.splunk.com/Documentation/Splunk/7.1.0/Admin/Propsconf)...
Forward data to third party and self-service Splunk Cloud
We are using self-service Splunk Cloud, and all clients are using UF to directly send data to self-service Splunk Cloud. UF -------> self-service Splunk Cloud Now, management is requesting to...
setup heavy forwarder and making it a deployment client
Hello, we are trying to set up HF with multi NIC feature and we wanted to know the steps as we also need to make the HF one of the deployment clients. Thanks!
Why am I getting an invalid eval expression error on search heads and the...
Brand new Splunk Enterprise 7.1.0 install, not upgraded, and installed the 1.1.0 version of TA-MS_O365_Reporting on the Search Head cluster via Deployer and also on a Heavy Forwarder via the Deployment...
How many events per second a heavy forwarder can ingest with the below...
We wanted to ingest 20000 eps minimum now 1 year later we wanted to go with the 50000 eps to give me some documentation for the heavy forwarder spec with the eps. These logs will go from on-prem heavy...
parallelIngestionPipelines on heavy forwarder
Hi, we have activated parallelIngestionPipelines (set to 2) due to blocked queues on a heavy forwarder. After adding another pipeline, there is no change in the congestion and it seems that only one...
Heavy Forwarder vs. Reduced Splunk Enterprise & DB Connect App
Hello everyone! My team and I are attempting to create a service for our departments' applications that enable them to easily send logs to our Splunk Enterprise; however, we do not control the Splunk...
Heavy Forwarder Forwarding Question
I am a Splunk novice and have created a Splunk indexer cluster in a Windows environment. I have two heavy forwarders gathering event log data from machines in each heavy forwarder’s specific subnet....
Feedback on deploying heavy forwarder in AWS
Hello, just looking for some feedback, specifically if using a heavy forwarder is the right solution. The heavy forwarder will be collecting data from the production, test and dev VPCs and forwarding...
Does a Heavy Forwarder fit my needs?
I have read in various places about "cooking" logs before sending them to a Splunk Enterprise instance. I'm curious to know if a Heavy Forwarder is an optimal solution for my team. To give some...
Why do we install apps on a Heavy forwarder through a deployment server?
Hi everyone, I am confused about deployment server function. Can anyone elaborate on it in simple words? Secondly, why do we need to install apps on heavy forwarders?
Distinguish which Heavy Forwarder an event passed through?
Hello, I've been looking through documentation and other answers, and would like some ideas on our specific use case. Essentially, we have 1 Search Head, 1 Indexer, a dozen Heavy Forwarders, and each...
Can you configure the Receiver stanza to have a Persistent Queue?
Hi All, sorry if this is a stupid question. When you configure an Intermediate Heavy Forwarder (Non-Indexing) receiver, can you add a persistent queue within this to avoid data loss for a period the...
syslog redundancy
Hello, I'd like to set up active-failover redundancy instead of time based load balancing on heavy forwarder routing syslog to third party system (syslog-ng). Is it possible somehow? The main problem if...
Is it possible to send logs from splunk to elasticsearch without logstash at...
We have a client with a Splunk Enterprise instance and we need to send some logs from this instance directly to Elasticsearch. Is it possible!?
Qualys Technology Add-on (TA) for Splunk: Files download, xml is in tmp, but...
Hello, we are using the latest Qualys Technology Add-on (TA) for Splunk (TA-QualysCloudPlatform version 1.3.2) on a Heavy Forwarder. It seems to download the information via the Qualys API and write...
Why does clustering always appear as a repeat phenomenon without a reason?
Hello, I have a strange question. This question is described as a bit rough. I have a single site cluster that contains 5 indexers, 4 search heads, a deployer, a cluster master, some deployment servers,...
Missing of events and flooding of data in Heavy forwarder
I have 4 regions of Splunk server and the architecture is UF (data from 20 location) ---> HF >>>>indexer .... search head so if I add any new UF which is replacing old server. I need to...
Where should I install Azure Monitor Add-on For Splunk? (Heavy...
Hi, I would like to know where I should install the Azure Monitor Add-on For Splunk. On which of these components? Heavy forwarder, indexer, search head? Thanks
What architecture will work in this Splunk Distributed Environment?
Hi Team, I have an infrastructure located globally multiple sites around 10 to 15 Sites which can be generated approximately 1 TB of log volume a day, I would need Splunk expertise suggestions on what...