Forwarding issue
I have Windows event logs coming into a heavy forwarder, which I don’t need to index. All I need to do is select a couple of Windows event IDs, reparse them and send them to a 3rd party as single line...
Deploying a Heavy Forwarder on a Cloud Server, what is needed?
Hello everyone! I'm working closely with my server team, and we are going to deploy a Heavy Forwarder on a cloud server. We're doing this so that we can manage our own tokens. We also have a Splunk...
In a heavy forwarder, how do I select specific Windows event IDs and reparse...
I have Windows event logs coming into a heavy forwarder, which I don’t need to index. All I need to do is select a couple of Windows event IDs, reparse them and send them to a 3rd party as single line...
Heavy forwarder does not forward data from DB Connect
Hello, I have set up a heavy forwarder with DBX. The connection to my sample database (MySQL) works, but the data is not forwarded to my indexer. I tested the connection by forwarding the syslog from...
On a Heavy forwarder that forwards events to a 3rd party device, how can I...
Hi I have an app on a HF that forwards events to a 3rd party device via unencrypted channel. I would like to encrypt the traffic using certificates which I received from a 3rd party (root.crt and...
HEC Sourcetype
Hello everyone! I just have a brief question regarding the HEC input. Our primary data input is the HEC. For new applications that want to forward through our deployed Heavy Forwarder, we must first...
Why doesn't my quartz scheduler cron settings used on Splunk Add-on for MS...
Hi folks, I've installed a HF on a SCOM server to collect SCOM logs to Splunk. On the HF I've installed the [Splunk Add-on for Microsoft System Center Operations Manager][1] to collect logs using...
Heavy Forwarders as an intermediary Layer Using indexer discovery
Hey, we are using multiple HF to collect data from different groups of UF before sending it to a multi site Indexer Cluster. I want to activate indexer discovery to make it easier to size/change the...
How Do You Forward Data to Syslog Server and Indexers?
What I am trying to do is to get a particular source type forwarded from the heavy forwarder to a syslog server. In addition, I want the data to also go to my indexers. Is it possible to do this? What...
Splunk Heavy Forwarder vs. PCF Firehose tile
Hi, I am currently trying to decide which path to take in order to resolve a log delay issue that I am experiencing. I was wondering if anyone could give me the pros and cons of each: Option 1: Install...
How to configure the Stream app on a heavy forwarder and indexer?
Configure stream on a forwarder: I installed stream app on Splunk HF and indexer, I want to send my routers netflow logs to indexer, I run set_permissions.sh on both of them and configure my...
Sending AWS data from heavy forwarder to indexer
Our Splunk environment consists of a Universal Forwarder, Heavy forwarder and Indexer. We are importing our AWS CloudTrail data from an S3 bucket using SQS via the AWS Add on. I have configured this on...
I want 'HF' to forward on 9997 port and send the same data to itself by...
I want `HF` to forward specific logs (tcp input from 514 port) to indexer, and also transfer them itself with syslog format. By the way, I configured like below, but it's not working. `props.conf`...
How can I have the 'HF' to forward specific logs to indexer and also transfer...
I want `HF` to forward specific logs (tcp input from 514 port) to indexer, and also transfer them itself with syslog format. By the way, I configured like below, but it's not working. `props.conf`...
Trouble installing Splunk_TA_jmx Add-on: Has anyone seen the following error?
I have the Splunk_TA_jmx add-on installed on a Heavy Forwarder but am getting the following error: Introspecting scheme=jmx: script running failed (exited with code 1). Unable to initialize modular...
Is there a limit to the number of TCP listeners we can configure on a Heavy...
Hi, we have configured a couple of Bluecoats on TCP custom ports on a HF. I see the data flowing in but the Bluecoat admins frequently comment that they are receiving alerts for failed upload to...
Question about sending data between SSL Forwarder to Forwarder
We will be deploying forwarders outside of our network and using SSL. These forwarders will be forwarding the raw data to another forwarder just inside our network. Once the raw data arrives inside our...
When pushing HTTP Event Collector (HEC) configurations to Heavy Forwarders...
After HEC configurations are pushed to our HF, Splunk service fails to start. This is happening to all the HF that received the new HEC configurations.
Problems with File/Directory Information Input
I'm trying to get this app working but struggling. The place I'm working has this installed on a couple of HF, but neither seems to be generating any data. Looking in the internal logs I can see the...
Why am I receiving the following error "WARNING: web interface does not seem...
After HEC configurations are pushed to our HF, Splunk service fails to start. This is happening to all the HF that received the new HEC configurations.