This topic lists known issues that are specific to the universal forwarder.
|Date filed||Issue number||Description|
|2019-11-25||SPL-171961||Unpatched universal forwarders that process structured data, process data locally, or encounter unknown file types with a monitor input experience problems with timestamp extraction beginning on January 1, 2020. See Timestamp recognition of dates with two-digit years fails beginning January 1, 2020 for information and solutions.|
|2018-04-10||SPL-153251||Universal Forwarder txz package cannot be installed on FreeBSD 11.1|
1. Use pkg install instead of pkg add
2. Install package by untarring tgz file to /opt/splunkforwarder
|2015-04-14||SPL-99687, SPL-129637||Splunk universal forwarder is 7-10 days behind recent Windows Security and system log events.|
To mitigate this, edit the following stanza in inputs.conf: [WinEventLog://Security] evt_resolve_ad_obj = 0.
|2015-04-07||SPL-99316||Universal Forwarders stop sending data repeatedly throughout the day|
In limits.conf, try changing file_tracking_db_threshold_mb in the [inputproc] stanza to a lower value.
Troubleshoot the universal forwarder with Splunk Enterprise
This documentation applies to the following versions of Splunk® Universal Forwarder: 8.0.0