https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55009#M96860 <P>All access to the server is firewalled except for the network share where the logs are put as evtx files. I'm not allowed to connect directly to the originator. The files on the share are file dumps from the event log.</P> Sat, 08 Sep 2012 22:55:06 GMT AndreasLP 2012-09-08T22:55:06Z https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55005#M96856 <P>Hi,</P> <P>I have some issues with setting up Splunk to read a WindwsEvent file stored on a network share. It seems like the setup is fine, but no files shows up in Splunk and nothing is indexed.</P> <P>From the exact same destination I'm able to read windows update logs without any problems, so it shouldn't be any problems with the credentials. All files have the same permissions.</P> <P>Since this is my first tme setting up Splunk I hope i have made some simple misstake which is easily fixed.</P> Sat, 08 Sep 2012 21:59:52 GMT https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55005#M96856 AndreasLP 2012-09-08T21:59:52Z https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55006#M96857 <P>Have you taken a look here: <A href="http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorwindowsdata">http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorwindowsdata</A></P> Sat, 08 Sep 2012 22:12:12 GMT https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55006#M96857 neklov_splunk 2012-09-08T22:12:12Z https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55007#M96858 <P>Unfortunately that access path is restricted, I have only the UNC path to work with <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P> Sat, 08 Sep 2012 22:43:10 GMT https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55007#M96858 AndreasLP 2012-09-08T22:43:10Z https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55008#M96859 <P>What access path is restricted?</P> Sat, 08 Sep 2012 22:49:31 GMT https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55008#M96859 neklov_splunk 2012-09-08T22:49:31Z https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55009#M96860 <P>All access to the server is firewalled except for the network share where the logs are put as evtx files. I'm not allowed to connect directly to the originator. The files on the share are file dumps from the event log.</P> Sat, 08 Sep 2012 22:55:06 GMT https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55009#M96860 AndreasLP 2012-09-08T22:55:06Z https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55010#M96861 <P>what neklov_splunk was pointing to is the this part of the doc:<BR /> <A href="http://docs.splunk.com/Documentation/Splunk/4.3.3/Data/MonitorWindowsdata#Index_exported_event_log_.28.evt_or_.evtx.29_files" target="_blank">http://docs.splunk.com/Documentation/Splunk/4.3.3/Data/MonitorWindowsdata#Index_exported_event_log_.28.evt_or_.evtx.29_files</A></P> Mon, 28 Sep 2020 12:24:23 GMT https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55010#M96861 MarioM 2020-09-28T12:24:23Z https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55011#M96862 <P>Adding to the above the splunk which has access to the unc path need to be installed on Windows Vista, 7 or Server 2008/2008 R2 to read .evtx</P> Sun, 09 Sep 2012 09:14:40 GMT https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55011#M96862 MarioM 2012-09-09T09:14:40Z https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55012#M96863 <P>It turned out I was restricted by a very exotic Group Policy Setting. When that was corrected, everything works fine.</P> <P>Thanks for all the answers and quick help!</P> Mon, 10 Sep 2012 12:50:26 GMT https://community.splunk.com/t5/Getting-Data-In/Reading-WindowsEvent-logs-from-UNC-path/m-p/55012#M96863 AndreasLP 2012-09-10T12:50:26Z