https://community.splunk.com/t5/Getting-Data-In/Getting-windows-logs-into-splunk/m-p/488646#M83613 <P>Thanks for your reply, is this possible using the free edition of Splunk though ?<BR /> ( i was convinced i got the cooked logs due to license, not due to config of forwarder in windows )</P> Mon, 09 Mar 2020 06:23:16 GMT gwcon 2020-03-09T06:23:16Z https://community.splunk.com/t5/Getting-Data-In/Getting-windows-logs-into-splunk/m-p/488644#M83611 <P>Hi, </P> <P>I am very new to Splunk. I am looking for a way to get windows logs into Splunk.<BR /> I downloaded the Splunk forwarder but the issue is that this gives me gibberish logs. <BR /> Example: "--splunk-cooked-mode-v3--\x00\x00\x00\x00\x00\x00\x00\x00\"</P> <P>I understood this is due to it being TCP but not being recognized as such and it needing to be configured in splunk itself as receiving from a Splunk fowarder ?<BR /> But this is not allowed with a free license ?</P> <P>If anyone has a link explaining this, that would be a massive help, i would love to understand it way better.<BR /> I apologize up front if this is a really silly question and the answer is obvious.</P> Sun, 08 Mar 2020 08:43:42 GMT https://community.splunk.com/t5/Getting-Data-In/Getting-windows-logs-into-splunk/m-p/488644#M83611 gwcon 2020-03-08T08:43:42Z https://community.splunk.com/t5/Getting-Data-In/Getting-windows-logs-into-splunk/m-p/488645#M83612 <P>Windows raw logs are binary files. Seems that your Splunk forwarder are not reading the logs properly. If you already installed the forwarder on your windows server, you can consider using the universal forwarder to forward the logs to your indexer: <A href="https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/MonitorWindowseventlogdata#Use_a_universal_forwarder">https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/MonitorWindowseventlogdata#Use_a_universal_forwarder</A></P> <P>It is also more convenient to use the add-on to set up log collection: <A href="https://splunkbase.splunk.com/app/742/">https://splunkbase.splunk.com/app/742/</A></P> Mon, 09 Mar 2020 02:45:14 GMT https://community.splunk.com/t5/Getting-Data-In/Getting-windows-logs-into-splunk/m-p/488645#M83612 natalielam 2020-03-09T02:45:14Z https://community.splunk.com/t5/Getting-Data-In/Getting-windows-logs-into-splunk/m-p/488646#M83613 <P>Thanks for your reply, is this possible using the free edition of Splunk though ?<BR /> ( i was convinced i got the cooked logs due to license, not due to config of forwarder in windows )</P> Mon, 09 Mar 2020 06:23:16 GMT https://community.splunk.com/t5/Getting-Data-In/Getting-windows-logs-into-splunk/m-p/488646#M83613 gwcon 2020-03-09T06:23:16Z https://community.splunk.com/t5/Getting-Data-In/Getting-windows-logs-into-splunk/m-p/488647#M83614 <P>Yes definitely! I used the trial version for my testing and it works.</P> Mon, 09 Mar 2020 06:34:01 GMT https://community.splunk.com/t5/Getting-Data-In/Getting-windows-logs-into-splunk/m-p/488647#M83614 natalielam 2020-03-09T06:34:01Z https://community.splunk.com/t5/Getting-Data-In/Getting-windows-logs-into-splunk/m-p/488648#M83615 <P>Noticed I put the wrong link to the windows add-on. Edited now. Cheers</P> Mon, 09 Mar 2020 06:35:12 GMT https://community.splunk.com/t5/Getting-Data-In/Getting-windows-logs-into-splunk/m-p/488648#M83615 natalielam 2020-03-09T06:35:12Z