Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Getting windows logs into splunk

gwcon
Path Finder
‎03-08-2020 12:43 AM

Hi,

I am very new to Splunk. I am looking for a way to get windows logs into Splunk.
I downloaded the Splunk forwarder but the issue is that this gives me gibberish logs.
Example: "--splunk-cooked-mode-v3--\x00\x00\x00\x00\x00\x00\x00\x00\"

I understood this is due to it being TCP but not being recognized as such and it needing to be configured in splunk itself as receiving from a Splunk fowarder ?
But this is not allowed with a free license ?

If anyone has a link explaining this, that would be a massive help, i would love to understand it way better.
I apologize up front if this is a really silly question and the answer is obvious.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

natalielam
Explorer
‎03-08-2020 07:45 PM

Windows raw logs are binary files. Seems that your Splunk forwarder are not reading the logs properly. If you already installed the forwarder on your windows server, you can consider using the universal forwarder to forward the logs to your indexer: https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/MonitorWindowseventlogdata#Use_a_universal_f...

It is also more convenient to use the add-on to set up log collection: https://splunkbase.splunk.com/app/742/

View solution in original post

Reply
Solved! Jump to solution
Solution

natalielam
Explorer
‎03-08-2020 07:45 PM

Windows raw logs are binary files. Seems that your Splunk forwarder are not reading the logs properly. If you already installed the forwarder on your windows server, you can consider using the universal forwarder to forward the logs to your indexer: https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/MonitorWindowseventlogdata#Use_a_universal_f...

It is also more convenient to use the add-on to set up log collection: https://splunkbase.splunk.com/app/742/

Reply
Solved! Jump to solution

gwcon
Path Finder
‎03-08-2020 11:23 PM

Thanks for your reply, is this possible using the free edition of Splunk though ?
( i was convinced i got the cooked logs due to license, not due to config of forwarder in windows )

0 Karma
Reply
Solved! Jump to solution

natalielam
Explorer
‎03-08-2020 11:34 PM

Yes definitely! I used the trial version for my testing and it works.

0 Karma
Reply
Solved! Jump to solution

natalielam
Explorer
‎03-08-2020 11:35 PM

Noticed I put the wrong link to the windows add-on. Edited now. Cheers

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...

Index This | What is feather-light but cannot be held long?

May 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

.conf26 Registration is Live: Secure Your Early Bird Pass Now

  Lock in Your Spot: Registration Open for .conf26 in Denver Hello Splunkers, I have exciting news! Your ...