This documentation does not apply to the most recent version of Splunk® Universal Forwarder.
For documentation on the most recent version, go to the latest release.
Known issues
This topic lists known issues that are specific to the universal forwarder.
| Date filed | Issue number | Description |
|---|---|---|
| 2019-11-25 | SPL-171961 | Unpatched universal forwarders that process structured data, process data locally, or encounter unknown file types with a monitor input experience problems with timestamp extraction beginning on January 1, 2020. See Timestamp recognition of dates with two-digit years fails beginning January 1, 2020 for information and solutions. |
| 2018-04-10 | SPL-153251 | Universal Forwarder txz package cannot be installed on FreeBSD 11.1 Workaround: 1. Use pkg install instead of pkg add OR
2. Install package by untarring tgz file to /opt/splunkforwarder |
| 2015-04-14 | SPL-99687, SPL-129637 | Splunk universal forwarder is 7-10 days behind recent Windows Security and system log events. Workaround: To mitigate this, edit the following stanza in inputs.conf: [WinEventLog://Security] evt_resolve_ad_obj = 0. |
| 2015-04-07 | SPL-99316 | Universal Forwarders stop sending data repeatedly throughout the day Workaround: In limits.conf, try changing file_tracking_db_threshold_mb in the [inputproc] stanza to a lower value. |
Last modified on 08 May, 2025
| Troubleshoot the universal forwarder with Splunk Enterprise | Fixed issues |
This documentation applies to the following versions of Splunk® Universal Forwarder: 8.0.0
Download manual
Feedback submitted, thanks!