Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Can't find "local event logs" option in splunk

obuobu
Engager
‎04-22-2024 02:30 PM

Hey, I installed splunk enterprise free trial on ubuntu server and this is the first time I am using splunk so I am following a video. I am having trouble locating "local event logs" option while adding data to splunk from a universal forwarder in windows server. I want to capture event logs from windows server to see in splunk. Please help me out as soon as possible.

Thank you.Screenshot 2024-04-23 025803.png

Labels (3)
Reply

greengrocer92
New Member
‎09-19-2024 01:49 PM

Just encountered the same issue.  I'm following allow on a Udemy Splunk course.  The instructor is using Windows and it appears that this option is for local Windows Event logs that one would view in Event Viewer (they're not flat text files).  I'm guessing that the option appears only on Windows, as Ubuntu and MacOS (which I'm using) use flat files for logs rather than Windows events, which I assume are in a dB format that Event Viewer parses.  

0 Karma
Reply

kuukudjan
Engager
‎07-30-2025 06:56 PM

Kindly repeat the step again  "select the forwarders" then when it comes to selecting the server class dont create a new one just select "existing"  and select the previous one you created and the "local events logs"  will appear. 

Reply

nikunj-2386
Engager
‎06-11-2024 12:06 AM 
- I've encountered the same issue before.
- You can resolve it by following these steps:
  - Navigate to "Settings"
  - Click on "Data Inputs" Within "Data Inputs," you'll find two sections:
      - "Local inputs"
      - "Forwarded inputs"
  - Choose "Forwarded Inputs"
  - Select "Windows Event Logs"

- To add a new configuration, click on the "+ Add new" option next to "Windows Event Logs".
- If you don't see any "Available hosts" at the first "Select Forwarders" stage, try refreshing the page 5-6 times or go back and try adding new again.
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-22-2024 11:14 PM

Hi @obuobu ,

let me understand:

  • you have a Splunk Enterprise installed on Ubusntu,
  • then you have Splunk Universal Forwarder installed on a windows machine,
  • you want to see the logs from the Windows machine in Splunk,
  • is it correct?

At first did you configured your Splunk Enterprise Server to receive logs [Settings > Forwardering and Receiving > Receiving]?

Then, did you configured your UF (that I suppose it's installed) to send logs to the Splunk Enterprise Server?

Then did you configured the local inputs locally or using a Deployment Server?

for more infos see the ingestion process at https://docs.splunk.com/Documentation/Splunk/latest/Data/Usingforwardingagents

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...