Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to import sysmon logs to Splunk?

onurasln55
Explorer
‎09-02-2023 08:52 AM

I choose source from forwarded input selection to input in splunk. I can't see sysmon in logs from source. I made the inputs.conf setting via forwarder, unfortunately I couldn't see it again. I have logs. There are forwarders. My other logs are coming. The sysmon log is not coming.

I would appreciate your help.

forwarded event.png

 

not sysmon log 

not systmon.png 

inputconf.pngsysmon log.pnglog name.png

Labels (2)
Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

onurasln55
Explorer
‎09-14-2023 07:55 AM

I found a solution by editing the inputs.conf file as follows.

 

[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = false
renderXml = true
index= sysmon
source = XmlWinEventLog:Microsoft-Windows-Sysmon/Operational

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

onurasln55
Explorer
‎09-14-2023 07:55 AM

I found a solution by editing the inputs.conf file as follows.

 

[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = false
renderXml = true
index= sysmon
source = XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
0 Karma
Reply
Solved! Jump to solution

smurf
Communicator
‎09-04-2023 02:06 AM

Hi,

Did you check your default index? It would be main if you didn't change it.

smurf

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...