Was there anything in the documentation about this change? It kind of seems like a big one, and I don't see anything in upgrade notes or anything in the release notes, and it's kind of biting me right now.
... View more
I don't believe that there is any version of the forwarder available that will work on that old of a system. HP (HPE) ended all support for Tru64 at the end of 2012.
Unfortunately, the best answer is to upgrade your system to something supportable. Assuming that's not possible, your best bet to get logs to Splunk would be to use syslog from the Tru64 machine to a Splunk syslog target (preferably an intermediate forwarder).
... View more
lukasz92 - did reinstalling work to eliminate the artifacts?
We're seeing the same thing. What versions were you running (our forwarders are on 6.3.2, indexers on 6.4.3)?
... View more
This is an old question, but the HTTP event collector is a good answer (and didn't exist at the time the last answers were added.) Rather than parsing a log, it's a HTTP POST to an endpoint. Docs are here: http://docs.splunk.com/Documentation/Splunk/6.4.3/Data/UsetheHTTPEventCollector .
... View more