How to use deployment server and SH deployer?
I have one deployment server to service 4 HFs and 1 deployer to service 3 SHs in cluster. What is the best way to push/deploy configurations/apps to HFs and SHs. Also, for some reason, I don't see...
What is the best way to push/deploy configurations/apps to heavy forwarders...
I have one deployment server to service 4 HFs and 1 deployer to service 3 SHs in cluster. What is the best way to push/deploy configurations/apps to HFs and SHs? Also, for some reason, I don't see...
Data is not getting parsed at Heavy Forwarder
Hi, I am having an issue when we are trying to extract fields at the Heavy Forwarder level. We are in a shared Cloud Environment but some Heavy Forwarders are local, so we want these HFs do the field...
Why is data not getting parsed at Heavy Forwarder?
Hi, I am having an issue when we are trying to extract fields at the Heavy Forwarder level. We are in a shared Cloud Environment but some Heavy Forwarders are local, so we want these HFs do the field...
Splunk custom app using virtual environment - deploying the app
Hello, I am having a difficult time understanding how to deploy an app which needs a virtual environment, and how to deploy the app in a distributed environment. Currently I have installed the app on the Heavy Forwarder...
How to define which heavy forwarder instances to deploy apps?
Hello - I have 3 HFs and about 150 UFs and 1 deployment server and other instances. In a new configuration, how can I use the DS to deploy apps to only these 3 HFs and UFs, not to other instances?...
Heavy Forwarder Configuration Query
Hi All, I have inherited Splunk Enterprise in my company which includes 3 Indexers, 2 Search Head and each Deployment & Licensing Master and Cluster Master. Now in order to receive events from more...
Splunk HW alerting
Hi. Is it possible to use alerting on some events on Splunk Heavy Forwarder? Or mb Splunk HW has workarounds for it? Thx.
Using heavy forwarder with Splunk Cloud
Guys, I need to configure a heavy forwarder to work with Splunk Cloud. There are no documents about it on the Splunk base. This tip does not work:...
How to forward logs using rsyslog
There are around 400 servers, which are already forwarding required logs to IBM Qradar using rsyslog. Instead of installing universal forwarders in every server, I want to add one more forwarder...
How to configure a heavy forwarder with Splunk Cloud
Guys, I need to configure a heavy forwarder to work with Splunk cloud. There are no documents about it on the Splunk base. This tip does not work:...
Managing DB Connect and Heavy Forwarder in a distributed environment for...
Hi, we have an application that insists on writing relevant log information to an MS SQL DB instead of decent files. This of course means I need DB Connect to read the logs. I am not interested in...
Filter Metrics on Heavy Forwarder
Is it possible to filter metrics on the Heavy Forwarder so they don't get passed along? Either a whitelist approach or blacklist approach is fine.
Lowest possible right to run heavy forwarder on Windows
Hello All, This is what we try to achieve: 1- In this Splunk document --> https://docs.splunk.com/Documentation/Splunk/7.3.3/Installation/ChoosetheuserSplunkshouldrunas, it is written that you need...
Splunk query to fetch Heavy forwarder's Hardware specifications
Hi Splunkers, I am still a beginner, trying to write a query to fetch Splunk heavy forwarder's CPU, memory usage and other hardware related stuff. With the below query I am not able to fetch the...
Index By host OR Sourcetype by host
Hello, I have 2 questions I am hoping someone can help me with. I am trying to figure out how to categorize data based on host (ip) at a heavy forwarder that ultimately categorizes data based on a list...
How to filter specific fields in structured events in Heavy Forwarder?
Hi Gaurav I want to know how to filter only few fields in an event and eliminate the other fields. Eg: { [-] action: ALLOW formatVersion: 1 httpRequest: { [] } httpSourceId: 30gcfrxt8djgvhg4b8f074e...
Heavy Forwarder not receiving logs
Hi, After migrating Splunk Enterprise to new hardware, my HFs stopped receiving logs over port 514/1514. It's verified these ports are open on the new HFs. The new system is receiving logs from UFs...
Monitor syslog-ng status
Hi All, We are running HF and syslog-ng on the same server and we want to monitor the syslog-ng status. For example, if syslog-ng goes down, Splunk should trigger an alert. Can someone suggest how we can achieve this?
Splunk collectd metrics to multiple indexers and HF
Hello Guys, I need your help to figure out how to put multiple HF or indexer names in collectd.conf for metrics data. I want high availability for HF. In case HF1 is down my HF2 should be able to send...