Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

I'm looking for some assistance/guidance with a home installation of Splunk...

amazack
Engager
‎05-17-2017 05:44 PM

Hey there Splunk gurus. I'm very new to Splunk and hoping for a little guidance.

I have Splunk Enterprise with the perpetual free license installed on a CentOS 7 VM on my home network. The VM is configured with a static IP. I'm wondering if anyone can point me to a checklist or document that will outline the steps necessary to be able to get Windows event log data from my desktops into Splunk. One of my desktops is running Win 7 Ultimate, and the other is running Win 7 Pro. My home network is not a domain environment.

I'd also like to be able to get the syslog data from my dd-wrt router and my tomato access point into splunk, but I seem to be overlooking one or more configuration options in the Home Monitor App. Of course, that's a challenge for another day... 😉

I've seen articles regarding the Universal Forwarder, the Splunk Add-on for Windows, and the Send to Indexer app. Are all of these required, or am I falling into the rabbit hole?

I'd like to be able to start playing around with Splunk so I can become familiar with some of the basis ins & outs. I'd be supremely appreciative of any assistance or guidance that anyone can provide.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

davebrooking
Contributor
‎05-19-2017 02:31 AM

The only thing you must have is a Universal Forwarder on the Windows systems. You don't need any apps or add-ons, they can be useful in giving you a head start, but they're not necessary.

The "Getting Data In" documentation has a section on collecting Windows events logs using a forwarder.

The "Forwarder" documentation has a section on setting up forwarding/receiving

Dave

View solution in original post

Reply
Solved! Jump to solution

amazack
Engager
‎05-21-2017 04:37 PM

Thanks, Dave. My Windows boxes are sending data to my indexer, so all is fantastic.

0 Karma
Reply
Solved! Jump to solution
Solution

davebrooking
Contributor
‎05-19-2017 02:31 AM

The only thing you must have is a Universal Forwarder on the Windows systems. You don't need any apps or add-ons, they can be useful in giving you a head start, but they're not necessary.

The "Getting Data In" documentation has a section on collecting Windows events logs using a forwarder.

The "Forwarder" documentation has a section on setting up forwarding/receiving

Dave

Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...