Getting Data In

AccountName disappears when I forward Windows Security Eventlogs


I have 5 computer who send security logs to a server. This server forward those logs to my splunk server so I can put them on a dashboard and I can send email alerts when the account "Administrator" is used.
My problem is that I can see the account name on my server but on Splunk web app those informations dissapear from the logs so I can't sepparate logs by the user.

Does someone can help me with this please?

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...