https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219259#M96151 <P>Glad to hear you're receiving data. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 09 Jan 2017 08:12:18 GMT skalliger 2017-01-09T08:12:18Z https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219254#M96146 <P>I have setup Universal forwarder on my Windows Server 2016 machine.</P> <P>I have setup the Universal forwarder credentials to point to my Splunk Cloud.</P> <P>By default shouldn't I now be getting data from the splunkd.log file?</P> <P>Regards,</P> <P>Greg</P> Thu, 05 Jan 2017 02:51:53 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219254#M96146 netroworx 2017-01-05T02:51:53Z https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219255#M96147 <P>You can always check your metrics.log on your Universal Forwarder installation to check whether data is being sent. Otherwise, you can of course search for <STRONG>index=_internal</STRONG> and also specify <STRONG>host=xyz</STRONG> if you'd like to.</P> <P>The other Spluk logs are also monitored, not only the splunkd.log. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Thu, 05 Jan 2017 12:17:56 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219255#M96147 skalliger 2017-01-05T12:17:56Z https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219256#M96148 <P>index=_internal shows a number of records.<BR /> Some of the records show a host of WIN2016 which is the machine I'm monitoring but when I search on host=WIN2016 I get no results.</P> Thu, 05 Jan 2017 23:52:17 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219256#M96148 netroworx 2017-01-05T23:52:17Z https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219257#M96149 <P>Data Summary shows: "Waiting for results..."</P> Thu, 05 Jan 2017 23:56:55 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219257#M96149 netroworx 2017-01-05T23:56:55Z https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219258#M96150 <P>If I search:<BR /> index=_internal host=WIN2016</P> <P>I get results so I guess internal events are filtered out by default.</P> Fri, 06 Jan 2017 00:10:27 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219258#M96150 netroworx 2017-01-06T00:10:27Z https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219259#M96151 <P>Glad to hear you're receiving data. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Mon, 09 Jan 2017 08:12:18 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-I-get-my-first-log-message/m-p/219259#M96151 skalliger 2017-01-09T08:12:18Z