Getting Data In

How to utilize Splunk Enterprise to perform automated audits on Windows event logs on a standalone environment?

New Member

Trying to use Splunk Enterprise as a tool to perform automated auditing of my event logs. I have a couple standalone PCs and am required to perform bi-weekly audits. Would love to be able to have this process automated.

Does anyone have "laymen" instructions on how to accomplish this task?

0 Karma

Influencer

You should take the time first to run through the Splunk tutorial here: http://docs.splunk.com/Documentation/Splunk/6.3.3/SearchTutorial/WelcometotheSearchTutorial This will give you some familiarity with how splunk works and how to get data into it.

In terms of how to achieve your audit that is really going to depend on what you need audited! If you're just getting a list of logins for two PCs I would probably suggest Splunk is overkill. Instead you can just connect to the event viewer on each PC and run a search.

If you do want to go down the Splunk route have a look at this prebuilt collection of inputs and dashboards: http://docs.splunk.com/Documentation/WindowsAddOn/4.8.1/User/AbouttheSplunkAdd-onforWindows

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!