How can I get data in to splunk enterprise?

New Member

Dear all,
I'm a beginer. I just built up splunk enterprise. could you please help me to get data from windows servers? because I dont know how to deal with them. one more thing, I also tried to read with documents from splunk but still cannot understand to handle. kindly please help me.
thank you so much~~

Tags (1)
0 Karma


Okay, it sounds like you need to work through the free training (Fundamentals 1). That can help you get a little bit of experience.

For THAT, start here - About halfway down the page there is a big button for the free fundamentals class. Follow the instructions, do the class. It may take five, or ten, or even fifteen hours, but it will save you hundreds of hours of flailing.

After you've done that, get onto the splunk slack channel so you can get quick and simple feedback on your next steps.

The standard way to get data from a windows machine is to load onto the windows machine a very light version of Splunk called a UF (Universal forwarder). The UF will monitor the place that WIndows is putting its log files, and will send copies to Splunk.

When you are ready to do that, search for how to load the UF onto the windows machine. There are lots of good resources. Read them, try to figure them out and execute them. If you run into any trouble, then write a very specific question explaining what you did, what happened, and what you need to happen.

Write that description in notepad or a text file. Before submitting it here, take the words you just wrote that describe the situation and then google for the answer. Most of the time, you will find exactly what you need. If not, then post your question here, and then ask down in Slack for people to look at it and give you some help.

If you do your own homework first, and ask very specific, very targeted questions, then you will build your confidence, and also build a reputation of being really good at what you do.

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!