Getting Data In

Can't find "local event logs" option in Splunk

obuobu
Engager

Hey, I installed the Splunk Enterprise free trial on an Ubuntu server, and this is the first time I am using Splunk, so I am following a video. I am having trouble locating the "local event logs" option while adding data to Splunk from a universal forwarder on Windows Server. I want to capture event logs from Windows Server to see in Splunk. Please help me out as soon as possible.

Thank you.

nikunj-2386
Engager
I've encountered the same issue before. You can resolve it by following these steps:

- Navigate to "Settings"
- Click on "Data Inputs". Within "Data Inputs," you'll find two sections:
  - "Local inputs"
  - "Forwarded inputs"
- Choose "Forwarded Inputs"
- Select "Windows Event Logs"
- To add a new configuration, click on the "+ Add new" option next to "Windows Event Logs".
- If you don't see any "Available hosts" at the first "Select Forwarders" stage, try refreshing the page 5-6 times or go back and try adding new again.
0 Karma

gcusello
SplunkTrust

Hi @obuobu ,

Let me understand:

  • you have Splunk Enterprise installed on Ubuntu,
  • then you have a Splunk Universal Forwarder installed on a Windows machine,
  • you want to see the logs from the Windows machine in Splunk,
  • is that correct?

First, did you configure your Splunk Enterprise server to receive logs [Settings > Forwarding and Receiving > Receiving]?

Then, did you configure your UF (which I suppose is installed) to send logs to the Splunk Enterprise server?

Then, did you configure the local inputs locally or using a Deployment Server?

For more info, see the ingestion process at https://docs.splunk.com/Documentation/Splunk/latest/Data/Usingforwardingagents

Ciao.

Giuseppe

0 Karma
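The three checks in the reply above (receiving enabled, forwarder output set, Windows event log inputs defined), written out as an added configuration example that is not part of the original thread or taken from the posters' systems. The hostname `splunk.example.com`, the group name `primary_indexers`, port 9997 and the default install paths are assumptions.

```ini
# ---------------------------------------------------------------
# 1) Splunk Enterprise on Ubuntu: enable receiving
#    File: $SPLUNK_HOME/etc/system/local/inputs.conf
#    Same effect as Settings > Forwarding and Receiving > Receiving.
#    9997 is the conventional receiving port (assumed here).
# ---------------------------------------------------------------
[splunktcp://9997]
disabled = 0

# ---------------------------------------------------------------
# 2) Universal Forwarder on Windows: where to send data
#    File: C:\Program Files\SplunkUniversalForwarder\etc\system\local\outputs.conf
#    (default install path, assumed)
# ---------------------------------------------------------------
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Placeholder host: replace with the Ubuntu server's name or IP
server = splunk.example.com:9997

# ---------------------------------------------------------------
# 3) Universal Forwarder on Windows: which event logs to collect
#    File: C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf
#    One stanza per Windows event log channel.
# ---------------------------------------------------------------
[WinEventLog://Security]
disabled = 0
# Read existing events from the oldest record forward,
# not only events that arrive after the forwarder starts
start_from = oldest
current_only = 0

[WinEventLog://System]
disabled = 0

[WinEventLog://Application]
disabled = 0
```

Restart Splunk on the server and the SplunkForwarder service on the Windows machine after editing, and make sure the Ubuntu host's firewall allows inbound TCP on the receiving port. A search for `source="WinEventLog:Security"` on the Splunk Enterprise server then confirms that events are arriving.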