https://community.splunk.com/t5/Splunk-Search/Getting-Data-into-Splunk/m-p/551254#M156427 <P>I just installed splunk and imported my license.</P><P>I have a series of Windows event viewer files that have been exported that I want to import.&nbsp;&nbsp;</P><P>I have tried the following:</P><OL><LI>Settings --&gt; Add Data</LI><LI>Upload Files From My computer</LI><LI>Select the file.&nbsp; It reads the file.</LI><LI>Next</LI><LI>Select Preprocess-winevt</LI><LI>Next</LI><LI>Review</LI><LI>Submit</LI><LI>Start Searching</LI></OL><P>No events are shown.&nbsp;&nbsp;</P><P>What am I doing wrong?</P> Tue, 11 May 2021 15:22:12 GMT rockb 2021-05-11T15:22:12Z https://community.splunk.com/t5/Splunk-Search/Getting-Data-into-Splunk/m-p/551254#M156427 <P>I just installed splunk and imported my license.</P><P>I have a series of Windows event viewer files that have been exported that I want to import.&nbsp;&nbsp;</P><P>I have tried the following:</P><OL><LI>Settings --&gt; Add Data</LI><LI>Upload Files From My computer</LI><LI>Select the file.&nbsp; It reads the file.</LI><LI>Next</LI><LI>Select Preprocess-winevt</LI><LI>Next</LI><LI>Review</LI><LI>Submit</LI><LI>Start Searching</LI></OL><P>No events are shown.&nbsp;&nbsp;</P><P>What am I doing wrong?</P> Tue, 11 May 2021 15:22:12 GMT https://community.splunk.com/t5/Splunk-Search/Getting-Data-into-Splunk/m-p/551254#M156427 rockb 2021-05-11T15:22:12Z https://community.splunk.com/t5/Splunk-Search/Getting-Data-into-Splunk/m-p/551255#M156428 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/234313">@rockb</a>&nbsp;</P><P>I hope checked in all time range and playing with search&nbsp;also.</P><P>Just guessing the reason and I doubt on retention period of Index. Just check the possible _time of indexed event and index retention period.&nbsp;</P> Tue, 11 May 2021 15:32:14 GMT https://community.splunk.com/t5/Splunk-Search/Getting-Data-into-Splunk/m-p/551255#M156428 kamlesh_vaghela 2021-05-11T15:32:14Z https://community.splunk.com/t5/Splunk-Search/Getting-Data-into-Splunk/m-p/551257#M156429 <P><SPAN>kamlesh,</SPAN></P><P>&nbsp;</P><P><SPAN>I think you are saying to make sure that I am specifying to show all events not just events in a specific time period.&nbsp; I did not select any time period and if I understand the interface correctly it is saying it sees no events prior to today at 10:52&nbsp; There are 8198 events listed when I open the evtx file in Windows event viewer.</SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="rockb_0-1620748411960.png" style="width: 400px;"><img src="https://community.splunk.com/t5/image/serverpage/image-id/14115iF9BE9482066B31B8/image-size/medium?v=v2&amp;px=400" role="button" title="rockb_0-1620748411960.png" alt="rockb_0-1620748411960.png" /></span></P><P>&nbsp;</P> Tue, 11 May 2021 15:55:30 GMT https://community.splunk.com/t5/Splunk-Search/Getting-Data-into-Splunk/m-p/551257#M156429 rockb 2021-05-11T15:55:30Z https://community.splunk.com/t5/Splunk-Search/Getting-Data-into-Splunk/m-p/551380#M156469 <P>I figured it out.&nbsp; After the process is complete the Search window has host="xxxx" and sourcetype="preprocess-winevt".</P><P>&nbsp;</P><P>If I delete host="xxxx" and sourcetype="preprocess-winevt". events are shown.&nbsp;&nbsp;</P> Wed, 12 May 2021 17:13:28 GMT https://community.splunk.com/t5/Splunk-Search/Getting-Data-into-Splunk/m-p/551380#M156469 rockb 2021-05-12T17:13:28Z