Good Day Team,
Did anyone manage to get splunk eventgen working on windows 10?
I have been struggling to get it working on my windows 10 PC using splunk v7.3.2. I want to GIT but didnt get much that I understood could help.
I just wanted to follow through on some practical exercises I was setting up.
Regards,
please read this link -> https://answers.splunk.com/answers/656711/how-to-install-splunk-eventgen-in-a-windows-enviro.html
Here is the step I took to deploy eventgen to my macbook.
the key to have your eventgen working properly is to extract the correct data using token.
See below a sample configuration for Windows data.
[sample.DhcpSrvLog]
index = windows
source=c:\windows\system32\dhcp\dhcpsrvlog.log
sourcetype = DhcpSrvLog
interval = 300
count = 0
earliest = -5m
latest = now
token.0.token = ^\d+\,(\d{2}\/\d{2}\/\d{2}\,\d{2}:\d{2}:\d{2})
token.0.replacementType = timestamp
token.0.replacement = %m/%d/%y,%H:%M:%S
Hello,
Thank you for the prompt response:
Firstly, I tried out this link and installed it as an app but when I run a search string (index=main) I get nothing.
I was following the steps in the book Splunk 7 Essentials religiously but to no avail.
I just want a step by step procedure on installing on a Windows 10 PC.
you have to check if this data was send to other index into splunk.
Please troubleshoot the issue, check the internal index to identify which error messages you are getting. Read the procedure and what the videos at youtube to better assist you. I dont have the procedure for windows pc, I do have the macbook, but I believe the installation process should be the same.
Thank you for the response @ivanreis. I will do that as soon as I knock off and update