Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Garbled Events in new Splunk installation on Debian

mpmackenna
New Member
‎08-10-2011 01:44 PM

I recently installed Splunk on Debian 6. I created a TCP receiver on port 10000 and installed the Universal forwarder with this command. 

msiexec.exe /i \\server\Applications\Splunk\32\splunkforwarder-4.2.2-101277-x86-release.msi DEPLOYMENT_SERVER="splunk:10000" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 AGREETOLICENSE=Yes /quiet

I am seeing events populate in my server installation but they appear to be garbled nonsense of some sort. What do I need to do to make my Windows events show up correctly on my server.
Here is an example of what I see when I click event and choose to see source. 

\u0016\u0003\x00\x00D\u0001\x00\x00@\u0003\x00NB\xE6.*e\xF1\x83\u001cH\xBE\u000b\xA5m۫\xCF=5k\u00041\x95n\x00r\u0012\xFC\u0015pg\xB7\x00\x00\u0018\x009\x008\x005\x003\x002\x00/\x00\u0016\x00\u0013\x00
\x00\u0005\x00\u0004\x00\xFF\u0002\u0001\x00
\u0016\u0003\x00\x00D\u0001\x00\x00@\u0003\x00NB\xE6p\x89WD8=

Here is a link to a screenshot of my events list.

This post seems to be related but from what I can tell the suggestion is how I have Splunk configured.

Thanks!

Mike

0 Karma
Reply

mpmackenna
New Member
‎08-10-2011 02:41 PM

Apparently this issue is related to my installer. When I did an installation using the GUI installer and specified the server and such that way in a RDP session instead of running the command, everything for that machine seems to be showing up correctly.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...