Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

I'm looking for some assistance/guidance with a home installation of Splunk...

amazack
Engager
‎05-17-2017 05:44 PM

Hey there Splunk gurus. I'm very new to Splunk and hoping for a little guidance.

I have Splunk Enterprise with the perpetual free license installed on a CentOS 7 VM on my home network. The VM is configured with a static IP. I'm wondering if anyone can point me to a checklist or document that will outline the steps necessary to be able to get Windows event log data from my desktops into Splunk. One of my desktops is running Win 7 Ultimate, and the other is running Win 7 Pro. My home network is not a domain environment.

I'd also like to be able to get the syslog data from my dd-wrt router and my tomato access point into splunk, but I seem to be overlooking one or more configuration options in the Home Monitor App. Of course, that's a challenge for another day... 😉

I've seen articles regarding the Universal Forwarder, the Splunk Add-on for Windows, and the Send to Indexer app. Are all of these required, or am I falling into the rabbit hole?

I'd like to be able to start playing around with Splunk so I can become familiar with some of the basis ins & outs. I'd be supremely appreciative of any assistance or guidance that anyone can provide.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

davebrooking
Contributor
‎05-19-2017 02:31 AM

The only thing you must have is a Universal Forwarder on the Windows systems. You don't need any apps or add-ons, they can be useful in giving you a head start, but they're not necessary.

The "Getting Data In" documentation has a section on collecting Windows events logs using a forwarder.

The "Forwarder" documentation has a section on setting up forwarding/receiving

Dave

View solution in original post

Reply
Solved! Jump to solution

amazack
Engager
‎05-21-2017 04:37 PM

Thanks, Dave. My Windows boxes are sending data to my indexer, so all is fantastic.

0 Karma
Reply
Solved! Jump to solution
Solution

davebrooking
Contributor
‎05-19-2017 02:31 AM

The only thing you must have is a Universal Forwarder on the Windows systems. You don't need any apps or add-ons, they can be useful in giving you a head start, but they're not necessary.

The "Getting Data In" documentation has a section on collecting Windows events logs using a forwarder.

The "Forwarder" documentation has a section on setting up forwarding/receiving

Dave

Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...