Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I send Windows data to Splunk?

cgautreaux
New Member
‎11-24-2010 02:14 AM

How do I send Windows data to Splunk? I have the app installed but can't figure out how to pull the data from the windows boxes...

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Rob
Splunk Employee
Splunk Employee
‎11-24-2010 10:21 AM

Assuming that your environment is that you have a server with Splunk installed and other Windows machines connected on the network for which you want to collect data, you will want to deploy a forwarder on the Windows machines.

You can follow these steps to enable receiving and forwarding for getting data in to Splunk from the Windows machines:

  • On your Splunk server, go to "Manager>>Forwarding and receiving>>Configure receiving"
  • Click on "New"
  • Enter an unused port number on which you would like Splunk to listen on in order to receive Splunk data. (e.g. 9000).
  • Click on "Save"

On your Windows machines do the following:

  • Install Splunk on the Windows machines and configure the data inputs that you want to collect.
  • Go to "Manager>>Forwarding and receiving>>Configure forwarding"
  • Click on "New"
  • Enter the SPlunk hostname or IP and the port number as above. (e.g. Splunkserver:9000 or 192.168.1.100:9000)

You have now set up a forwarder on that Windows machine that will collect data and can be configured via the web interface. You can disable the Web UI by making the Splunk instance on the Windows machine a Light Weight Forwarder. This can be done by going to "Manager>>Forwarding and receiving>>Enable light forwarding" You will see a warning message that the web UI will be disabled and that Splunk will only be accessible via the CLI interface (command line shell on Windows) for further configuration.

View solution in original post

Reply
Solved! Jump to solution
Solution

Rob
Splunk Employee
Splunk Employee
‎11-24-2010 10:21 AM

Assuming that your environment is that you have a server with Splunk installed and other Windows machines connected on the network for which you want to collect data, you will want to deploy a forwarder on the Windows machines.

You can follow these steps to enable receiving and forwarding for getting data in to Splunk from the Windows machines:

  • On your Splunk server, go to "Manager>>Forwarding and receiving>>Configure receiving"
  • Click on "New"
  • Enter an unused port number on which you would like Splunk to listen on in order to receive Splunk data. (e.g. 9000).
  • Click on "Save"

On your Windows machines do the following:

  • Install Splunk on the Windows machines and configure the data inputs that you want to collect.
  • Go to "Manager>>Forwarding and receiving>>Configure forwarding"
  • Click on "New"
  • Enter the SPlunk hostname or IP and the port number as above. (e.g. Splunkserver:9000 or 192.168.1.100:9000)

You have now set up a forwarder on that Windows machine that will collect data and can be configured via the web interface. You can disable the Web UI by making the Splunk instance on the Windows machine a Light Weight Forwarder. This can be done by going to "Manager>>Forwarding and receiving>>Enable light forwarding" You will see a warning message that the web UI will be disabled and that Splunk will only be accessible via the CLI interface (command line shell on Windows) for further configuration.

Reply
Solved! Jump to solution

sloshburch
Splunk Employee
Splunk Employee
‎05-02-2019 05:44 AM

Since this post is old, I'll add to the answer some updated links that could help:
* How do I get basic performance data for my Windows systems?
* What are the best practices for installing Splunk on Windows endpoints?

You may see more within the validated_best-practice tag and within the official product documentation.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...