This documentation does not apply to the most recent version of Splunk® Universal Forwarder.
For documentation on the most recent version, go to the latest release.
Download topic as PDF
Known issues
This topic lists known issues that are specific to the universal forwarder.
Date filed | Issue number | Description |
---|---|---|
2019-11-25 | SPL-171961 | Unpatched universal forwarders that process structured data, process data locally, or encounter unknown file types with a monitor input experience problems with timestamp extraction beginning on January 1, 2020. See Timestamp recognition of dates with two-digit years fails beginning January 1, 2020 for information and solutions. |
2018-04-10 | SPL-153251 | Universal Forwarder txz package cannot be installed on FreeBSD 11.1 Workaround: 1. Use pkg install instead of pkg add OR
2. Install package by untarring tgz file to /opt/splunkforwarder |
2015-04-14 | SPL-99687, SPL-129637 | Splunk universal forwarder is 7-10 days behind recent Windows Security and system log events. Workaround: To mitigate this, edit the following stanza in inputs.conf: [WinEventLog://Security] evt_resolve_ad_obj = 0. |
2015-04-07 | SPL-99316 | Universal Forwarders stop sending data repeatedly throughout the day Workaround: In limits.conf, try changing file_tracking_db_threshold_mb in the [inputproc] stanza to a lower value. |
Last modified on 04 December, 2019
PREVIOUS Troubleshoot the universal forwarder with Splunk Enterprise |
NEXT Fixed issues |
This documentation applies to the following versions of Splunk® Universal Forwarder: 8.0.0
Feedback submitted, thanks!