How to setup Heavy Forwarder - Event filtering
Hello, Can someone please direct to me splunk docs tutorial or any video that would show me how to use the heavy forwarder? I have a sample event, lets say 5 fields. I want 2 fields to go to the...
View ArticleCan you help me set up our heavy forwarder for the following event filtering...
Hello, Can someone please direct me to the Splunk docs tutorial, or any video, that would show me how to use the heavy forwarder? I have a sample event, lets say 5 fields. I want 2 fields to go to the...
View ArticleBacking up my heavy forwarder I get an error
I want to back up my HF so that I can upgrade to the new 7.2 version but I get these invalid errors: Checking conf files for problems... Invalid key in stanza [aws:cloudwatch:metric] in...
View ArticleWhy am I getting an error when backing up my heavy forwarder?
I want to back up my HF so that I can upgrade to the new 7.2 version but I get these invalid errors: Checking conf files for problems... Invalid key in stanza [aws:cloudwatch:metric] in...
View ArticleHow to extract multiple multivalue fields from multi-line event at index time...
Needing help with multiple multivalue field extraction from a multiline event. Expecting the result of the following extraction to index each of rowA values with each of rowC identifiers, and index...
View ArticleHow can Splunk provide forwarding/receiving security ??
When enabling the receiving function in a Splunk enterprise instance (indexer for example), it will be listening on port 9997 by default( changeable) and any forwarder with the information (indexer...
View ArticleSplunkCloud gateway forwarder architecture and hardware requirements
Hey Folks, We have a fairly secure environment with no servers able to access the internet or route traffic to SplunkCloud. A large majority of the data we will be indexing is OS (*.nix, Windows etc.)...
View ArticleHow do I extract multiple multi-value fields from a multi-line event at index...
Needing help with multiple multi-value field extraction from a multiline event. Expecting the result of the following extraction to index each of rowA values with each of rowC identifiers, and index...
View ArticlePalo Alto app is not transoforming sourcetypes on splunk cloud
We are sending palo alto logs over UDP to a heavy fowarwarder which is forwarding logs to splunk cloud. The palo alto TA is not transforming the sourcetype correctly. In the indexed data the sourcetype...
View ArticleCannot perform action POST without a target name to act on
I am trying to simply add the .spl file for the Cloud credentials to my heavy forwarder and I am getting the below message. Cannot perform action POST without a target name to act on
View ArticleSplunk qroc integration
Hello Guys, We are using splunk as log collector only and via heavy forwarder we are receiving logs on Qroc (Qradra cloud version) with one LB in between.now the problem is none of the data is getting...
View ArticleWould like to block a specific Source going to a Heavy Forwarder
Hello Community, **Resources:** - Splunk Enterprise On-Prem = v7.1.2 - F5-BIGIP = v13.1.0 - Using: F5 Analytics iApp v3.7.2RC5 - Kiwi SYSLOG (Heavy Forwarder that has a Uni. Forwarder assigned)...
View ArticleSome files were not sent to Heavy forwarder.
UF seems to read the following files but the files were not sent to HF around 11-26-2018 16:16. The following messages appear in UF's splund.log around that time. It seems that splunk read the files....
View ArticleHow to find out what heavy forwarder a device is sending logs from
We have a DMZ heavy forwarder that sends the logs from the devices on the DMZ environment to our splunk server. I need to know the name of the devices that are sending the data through the HF. How can...
View ArticleCan you help me figure out why some files were not sent to the Heavy forwarder?
The universal forwarder (UF) seems to read the following files, but the files were not sent to the heavy forwarder (HF) around 11-26-2018 16:16. The following messages appeared in UF's splunkd.log...
View ArticleHow do I find out what heavy forwarder a device is sending logs from?
We have a DMZ heavy forwarder (HF) that sends logs from the devices on the DMZ environment to our Splunk server. I need to know the name of the devices that are sending the data through the HF. How can...
View ArticleWhen HF with "Splunk DB Connect" send data to Indexer, and if Indexer is...
If there is a environment like below, if Indexer is down, the data will be lost? *HF with `Splunk DB Connect` *Indexer I think data input like "file monitor","data from other Universal Forwarder" etc...
View ArticleHow the heavy forwarder and Splunk DB connect work when indexers is stopping...
Hi Splunk Professionals, I am going to upgrade my splunk components. Along with upgradeing, I am wondering what is the best way to prevent from losing the DB log when stopping indexers. My enviroment...
View ArticleIs it possible to transfer data from heavy fwd to two different cloud (cloud...
I have one heavy fwd and two different cloud indexers. 1. HF 2. indx1(placed in cloud 1) 3. indx2(placed in cloud 2) Both are the part for different cluster. Is it possible to send the data from the HF...
View ArticleIs it possible to transfer data from a heavy forwarder to two different cloud...
I have one heavy forwarder and two different cloud indexers. 1. heavy forwarder (HF) 2. indx1(placed in cloud 1) 3. indx2(placed in cloud 2) Both are the part for different cluster. Is it possible to...
View Article
