I can't find "Local event log collection" on my Sp...

daniel99 · ‎11-27-2024

I am trying to configure Splunk to ingest only application, system and security logs from my local machine. But I can't find "Local event log collection" on my Splunk enterprise on my MacBook.

But on my former laptop, which was a windows OS, I could find the "Local event log collection" option in the data input section.

Please how can I go about this?

isoutamo · ‎11-27-2024

Hi

Are you trying to collect macOS logs or Windows logs?

If you are trying those from macOS, there are logd input method which you could try. Unfortunately there is some issues with current splunk versions with it (see https://community.splunk.com/t5/Getting-Data-In/Wrong-parameters-on-macOS-and-logd-input/td-p/702261). Until splunk fix this you must use e.g. TA for nix or use your own scripts to use "log show" command with correct parameters.

r. Ismo

gcusello · ‎11-27-2024

Hi @daniel99 ,

did you installed the Splunk_TA_Windows ( https://splunkbase.splunk.com/app/742 ) on your Splunk?

Ciao.

Giuseppe

I can't find "Local event log collection" on my Splunk enterprise on my MacBook.

Mac

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation