
Windows Event Logs Analysis - parsing of the logs is not what it is expecting

cisaksen
Explorer

Is anyone having trouble with the eventid add-on working with the Splunk_TA_windows add-on?

The Windows logs are being parsed and are in a nice readable format, but eventid seems to be expecting something different from what is being parsed. I'm getting results that don't match what I believe eventid is expecting.

Example:
On the EventSources dashboard, the Event Sources panel returns nothing for Error - All - * in the input fields. But if I do a manual search based only on Type, I get the following types (`event_sources | stats count by Type`):
Computer
OperatingSystem
Processor
Roles
Site
SiteLink
Subnet

This clearly doesn't seem to be what eventid is looking for. Any ideas on what could be happening?
