Known issues
This topic lists known issues that are specific to the universal forwarder. For information on fixed issues, see Fixed issues.
Universal forwarder issues
Date filed | Issue number | Description |
---|---|---|
2024-09-27 | SPL-263518 | Upgrade removes group=per_(source|sourcetype|index|host)_thruput in metrics.log for universalforwarders. Workaround: ------ON UF ONLY------- in default-mode.conf add following line
|
2024-04-19 | SPL-254532, SPL-265719, SPL-265720, SPL-265721, SPL-265722, SPL-265723, SPL-265724, SPL-265725, SPL-265726, SPL-265892, SPL-265908 | UF 9.1.2 Windows Security events stop forwarding when Windows event log service is restarted Workaround: Restart the UF |
2022-08-17 | SPL-228646, SPL-228645 | Restart is needed when AWS access key pairs rotate (w/o grace period) or other S3 config settings for Ingest Actions become invalid |
2022-06-23 | SPL-226019 | Warning appears in the universal forwarder whenever any spl command is run: Warning: Attempting to revert the SPLUNK_HOME ownership Warning: Executing "chown -R splunk /opt/splunkforwarder". This warning is expected and will not affect functionality. |
2022-03-23 | SPL-221239 | System Introspect App fails when universal forwarder is installed at non-admin user |
Troubleshoot the universal forwarder | Fixed issues |
This documentation applies to the following versions of Splunk® Universal Forwarder: 9.4.0
Feedback submitted, thanks!