https://community.splunk.com/t5/Getting-Data-In/WinEventLog-Security-logs-to-Splunk/m-p/648953#M110286 <P>Thanks for the suggestion Sri. Will try it out.</P><P>&nbsp;</P><P>Cheers..</P><P>&nbsp;</P><P>Regards</P><P>Murali</P> Mon, 03 Jul 2023 06:33:27 GMT Murali 2023-07-03T06:33:27Z https://community.splunk.com/t5/Getting-Data-In/WinEventLog-Security-logs-to-Splunk/m-p/648949#M110284 <P>Hello guys,</P><P>&nbsp;</P><P>I have&nbsp;[WinEventLog://Security] inputs.conf&nbsp; setup.</P><P>However , I would like to see the machine/server type and OS type in the index which is currently not there.</P><P>How can I bring this data in. I have checked the raw data and no such infomation.</P><P>Your thoughts?&nbsp; Thanks in advance.</P><P>&nbsp;</P><P>Cheers..</P><P>&nbsp;</P><P>Regards</P> Mon, 03 Jul 2023 03:02:37 GMT https://community.splunk.com/t5/Getting-Data-In/WinEventLog-Security-logs-to-Splunk/m-p/648949#M110284 Murali 2023-07-03T03:02:37Z https://community.splunk.com/t5/Getting-Data-In/WinEventLog-Security-logs-to-Splunk/m-p/648950#M110285 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/251633">@Murali</a>&nbsp;</P><P>If you can't find Type/ OS in Windows Security Event logs that are ingested to Splunk, that is likely due to the source windows machines do not have such information exist in event logs.</P><P>You could talk to Windows Administrator to include the desired details on Windows machine that you wanted for Splunk to collect and ingest.</P><P>Hope this helps!&nbsp;</P><P>-------------------------</P><P>Srikanth Yarlagadda.</P> Mon, 03 Jul 2023 04:42:50 GMT https://community.splunk.com/t5/Getting-Data-In/WinEventLog-Security-logs-to-Splunk/m-p/648950#M110285 venkatasri 2023-07-03T04:42:50Z https://community.splunk.com/t5/Getting-Data-In/WinEventLog-Security-logs-to-Splunk/m-p/648953#M110286 <P>Thanks for the suggestion Sri. Will try it out.</P><P>&nbsp;</P><P>Cheers..</P><P>&nbsp;</P><P>Regards</P><P>Murali</P> Mon, 03 Jul 2023 06:33:27 GMT https://community.splunk.com/t5/Getting-Data-In/WinEventLog-Security-logs-to-Splunk/m-p/648953#M110286 Murali 2023-07-03T06:33:27Z https://community.splunk.com/t5/Getting-Data-In/WinEventLog-Security-logs-to-Splunk/m-p/648959#M110290 <P>As <a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/163730">@venkatasri</a> already pointed out - you can't just conjure data out of thin air - if the original event doesn't include the information (and typically it doesn't - why should it? You don't need the extra amount of wasted storage only to have the information which you typically should have otherwise).</P><P>And your windows admin will most probably _not_ be able to force windows to include such info in the logs (again - why should windows send that in the event?).</P><P>Typically, in all kinds of monitoring software you usually have some form of an asset database separate from the events themselves and a method of correlating the source identified from the event with the data in said database. In case of plain Splunk Enterprise you&nbsp; can gather such info in a lookup table and dynamically enrich your data on search. If you have Enterprise Security, there are additional options of having such asset db created (semi-)automatically for you.</P> Mon, 03 Jul 2023 07:32:19 GMT https://community.splunk.com/t5/Getting-Data-In/WinEventLog-Security-logs-to-Splunk/m-p/648959#M110290 PickleRick 2023-07-03T07:32:19Z