Can't find "local event logs" option in splunk

obuobu

Hey, I installed splunk enterprise free trial on ubuntu server and this is the first time I am using splunk so I am following a video. I am having trouble locating "local event logs" option while adding data to splunk from a universal forwarder in windows server. I want to capture event logs from windows server to see in splunk. Please help me out as soon as possible.

Thank you.

gcusello

Hi @obuobu ,

let me understand:

you have a Splunk Enterprise installed on Ubusntu,
then you have Splunk Universal Forwarder installed on a windows machine,
you want to see the logs from the Windows machine in Splunk,
is it correct?

At first did you configured your Splunk Enterprise Server to receive logs [Settings > Forwardering and Receiving > Receiving]?

Then, did you configured your UF (that I suppose it's installed) to send logs to the Splunk Enterprise Server?

Then did you configured the local inputs locally or using a Deployment Server?

for more infos see the ingestion process at https://docs.splunk.com/Documentation/Splunk/latest/Data/Usingforwardingagents

Ciao.

Giuseppe

Can't find "local event logs" option in splunk

Linux

universal forwarder

Windows

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases