You are amazing.....nobody can explain better than you. Thanks.
Hello..
Currently we are in the process of configuring the architecture for Windows and Linux servers.
Can you help me understand whether I should install UF on all Windows servers and send it to the cloud with IUF?
Hi Sidhartha, while configuring the universal forwarder, don't we need to create the input.conf and output.conf files in Notepad++? Please help me understand this. I will appreciate your quick reply; it's an urgent requirement.
You mean while installing? It's optional then. But for the UF you need the inputs and outputs conf files anyway.
You can type "cmd" in the address bar of the bin directory to open cmd directly in that directory.
Thanks for this wonderful knowledge sharing. How do you handle universal forwarder installation in Splunk Cloud? Thanks
Maybe the link below will be helpful to you,
docs.splunk.com/Documentation/SplunkCloud/8.0.2004/User/DataSplunkCloudcanindex
@splunk_ml Appreciate the guidance. Can we get a one-on-one session? Thanks
Hi Sid! If we stop the server and start it again, the external IP address changes; then the data will not flow, as the receiver IP in outputs.conf will not change automatically. How do we address this problem?
Even I am facing this issue...
There is an option to request a static external IP in Google Cloud. But if you are using the free tier I don't think that is available. So you need to keep those instances running until you finish your learning.
How did you create the input file? I didn't see it in the steps.
And also, do I need to install the Windows add-on for Splunk? Because it is not working for me; logs are not getting pushed to Splunk after configuring the UF.
It solely depends on what data you want to capture. If you need Windows logs then yes, you need to install the Windows add-on. You can raise a question on answers.splunk.com with an error screenshot. You should get your answer.
Thanks!
Hi Bro,
I have a question: what does Active Directory mean in Splunk?
Active Directory is a Microsoft product used to manage various access-related stuff. You can check out the link below for more info:
searchwindowsserver.techtarget.com/definition/Active-Directory
In Splunk you can monitor Active Directory logs.
Hi, I have configured the universal forwarder, but I can't see my forwarder under host in the search app.
Can you help?
Host and port are set correctly; the external IP of my receiver and the port is 9997.
The port is also enabled, but still not working!!!! :(
It could be the firewall blocking the traffic. Can you check the firewall rule and see whether TCP traffic is allowed on port 9997?
@splunk_ml Hi Sid... thanks for the wonderful video. Even after adding port 9997 in the firewall, I am not able to see it in my search. Am I missing something? Thanks in advance.
Could you post inputs.conf as well, which is missing in the video? When you choose 'Application', 'System' and the other parameters whose logs you intend to forward, is that treated as input content that goes in automatically once the tick mark is enabled, or does inputs.conf need to be edited manually like outputs.conf? Please do reply.
Great video. Thank you my friend.
I did not find the inputs.conf; I don't know why. Any help please.
Hello,
you can create inputs.conf if it's not there.
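The inputs.conf/outputs.conf questions above (and the port 9997 firewall question) in one place, as an added example that is not from the video or any commenter: a PowerShell script that writes a minimal pair of conf files for a Windows Universal Forwarder, restarts the forwarder, and checks that TCP 9997 to the receiver is reachable. It assumes the default UF install path and the standard `SplunkForwarder` service name; `$Receiver` is a placeholder you replace with your own indexer address.

```powershell
# Added example, not the video's own configuration. Replace the placeholder
# receiver before running; everything else uses Splunk UF defaults.
$Receiver   = 'RECEIVER_IP_OR_HOSTNAME'   # placeholder: external IP/hostname of the indexer
$Port       = 9997                        # receiving port opened on the indexer
$SplunkHome = 'C:\Program Files\SplunkUniversalForwarder'   # default UF install path
$Local      = Join-Path $SplunkHome 'etc\system\local'
New-Item -ItemType Directory -Path $Local -Force | Out-Null

# inputs.conf: which Windows event logs to collect. Ticking 'Application' /
# 'System' in the installer writes equivalent stanzas; if the file is missing,
# creating it by hand like this is the same thing.
@"
[WinEventLog://Application]
disabled = 0
index = main

[WinEventLog://System]
disabled = 0
index = main

[WinEventLog://Security]
disabled = 0
index = main
"@ | Set-Content -Path (Join-Path $Local 'inputs.conf') -Encoding ASCII

# outputs.conf: where to send the data. The server value is the one that breaks
# when a cloud instance comes back with a new external IP after a stop/start;
# a DNS name or a static IP here avoids having to edit this file each time.
@"
[tcpout]
defaultGroup = default-autolb-group

[tcpout:default-autolb-group]
server = ${Receiver}:${Port}
"@ | Set-Content -Path (Join-Path $Local 'outputs.conf') -Encoding ASCII

# Restart the forwarder service so the new configuration is read.
Restart-Service -Name SplunkForwarder

# Firewall check from the forwarder's side: if TcpTestSucceeded is False, the
# receiver's host firewall or the cloud network rule is not allowing TCP 9997
# from this machine, which matches the "port added but nothing in search" symptom.
$probe = Test-NetConnection -ComputerName $Receiver -Port $Port
if (-not $probe.TcpTestSucceeded) {
    Write-Warning "TCP $Port to $Receiver is blocked; check the firewall / cloud network rules."
} else {
    Write-Host "TCP $Port to $Receiver is reachable; events should show up under host=$env:COMPUTERNAME."
}
```

Collecting the Security log requires the forwarder service account to have read access to that log (Local System, the default, does); if events appear for Application and System but not Security, that is the first thing to check.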
why do you have port number in the ip address field?
Because you need to specify the port on which Splunk works [by default port 8000] at the moment you want to access the console.
This is a great video, liked and subscribed!