https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108785#M22884 <P>I commented on another thread as well:</P> <P>I'm seeing the same issue. I believe it is because if you look at the default config files in both the App and the Windows TA add-ons, the indexes are NOT the same. The Win Infra App looks for windows event logs in an index named "winevents" while the TA-Add-On saves event logs to index "wineventlog". I'm not sure how the Infra App config file could possibly work since it doesn't even look in the same locations". I'm working on trying to fix all of those mis-matches myself. Looking at the default eventtypes in the Infra App and the TA-Add-On, they're not the same either.......ugh.</P> Tue, 16 Sep 2014 22:40:24 GMT ldgrube 2014-09-16T22:40:24Z https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108780#M22879 <P>I have installed a universial forwarder on a windows machine and having it send to my splunk machine. <BR /> The problem is that on the windows app that i have installed on the splunk server. I cant see any events, in the search app i see it like this for exampel. Running 4.2 on the server.<BR /> WinEventLog:System<BR /><BR /> WinEventLog:Setup<BR /><BR /> WinEventLog:Security<BR /><BR /> WinEventLog:Application <BR /> Perfmon:Network Interface<BR /><BR /> Perfmon:Free Disk Space <BR /> Perfmon:CPU Load<BR /><BR /> Perfmon:Available Memory<BR /><BR /> ActiveDirectory</P> Wed, 25 May 2011 11:45:30 GMT https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108780#M22879 fisk12 2011-05-25T11:45:30Z https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108781#M22880 <P>I have a few questions:</P> <OL> <LI>Is only this one machine forwarding events having the issue (can other machine forward events without problems)?</LI> <LI>Is the server setup to receive Splunk forwarded traffic?</LI> <LI>Is the forwarder sending to the same port the server is looking for (see question 3)?</LI> <LI>From the forwarder, can you telnet to the server over the listening port (telnet servername 8089)?</LI> </OL> Wed, 25 May 2011 12:02:26 GMT https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108781#M22880 treinke 2011-05-25T12:02:26Z https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108782#M22881 <P>I may have been à bit unclear. The events are being forwarded. They just dont show up in the windows app.</P> Wed, 25 May 2011 12:28:03 GMT https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108782#M22881 fisk12 2011-05-25T12:28:03Z https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108783#M22882 <P>Anyone? Sounds like quite an easy problem to solve.</P> Mon, 30 May 2011 19:22:26 GMT https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108783#M22882 fisk12 2011-05-30T19:22:26Z https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108784#M22883 <P>I commented on another thread as well:</P> <P>I'm seeing the same issue. I believe it is because if you look at the default config files in both the App and the Windows TA add-ons, the indexes are NOT the same. The Win Infra App looks for windows event logs in an index named "winevents" while the TA-Add-On saves event logs to index "wineventlog". I'm not sure how the Infra App config file could possibly work since it doesn't even look in the same locations". I'm working on trying to fix all of those mis-matches myself.</P> Tue, 16 Sep 2014 22:35:57 GMT https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108784#M22883 ldgrube 2014-09-16T22:35:57Z https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108785#M22884 <P>I commented on another thread as well:</P> <P>I'm seeing the same issue. I believe it is because if you look at the default config files in both the App and the Windows TA add-ons, the indexes are NOT the same. The Win Infra App looks for windows event logs in an index named "winevents" while the TA-Add-On saves event logs to index "wineventlog". I'm not sure how the Infra App config file could possibly work since it doesn't even look in the same locations". I'm working on trying to fix all of those mis-matches myself. Looking at the default eventtypes in the Infra App and the TA-Add-On, they're not the same either.......ugh.</P> Tue, 16 Sep 2014 22:40:24 GMT https://community.splunk.com/t5/Getting-Data-In/forward-from-windows-machine-problem/m-p/108785#M22884 ldgrube 2014-09-16T22:40:24Z