Solved: Can Splunk Cloud index .evtx Windows event logs if...

dshelikhov · ‎06-22-2015

Is it correct that Splunk Cloud cannot index .evtx Windows event logs in case I upload this directly?

dshelikhov · ‎06-24-2015

Looks like only forwarder can do this. Guys when you will install Windows Forwarder to import data in Splunk Cloud do not specify Splunk hostname in Forwarder Installer. Just install it with default settings.

Then download the Credentials file form your Splunk Cloud and configure Forwarder with this file.

View solution in original post

dshelikhov · ‎06-24-2015

Looks like only forwarder can do this. Guys when you will install Windows Forwarder to import data in Splunk Cloud do not specify Splunk hostname in Forwarder Installer. Just install it with default settings.

Then download the Credentials file form your Splunk Cloud and configure Forwarder with this file.

jimmpoul · ‎06-22-2015

I'm not aware of the .evtx file format, but with a forwarder, Splunk Cloud will index Windows events just like a regular Splunk Enterprise.

Can Splunk Cloud index .evtx Windows event logs if I upload this directly?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation