Hey there Splunk gurus. I'm very new to Splunk and hoping for a little guidance.
I have Splunk Enterprise with the perpetual free license installed on a CentOS 7 VM on my home network. The VM is configured with a static IP. I'm wondering if anyone can point me to a checklist or document that will outline the steps necessary to be able to get Windows event log data from my desktops into Splunk. One of my desktops is running Win 7 Ultimate, and the other is running Win 7 Pro. My home network is not a domain environment.
I'd also like to be able to get the syslog data from my dd-wrt router and my tomato access point into splunk, but I seem to be overlooking one or more configuration options in the Home Monitor App. Of course, that's a challenge for another day... 😉
I've seen articles regarding the Universal Forwarder, the Splunk Add-on for Windows, and the Send to Indexer app. Are all of these required, or am I falling into the rabbit hole?
I'd like to be able to start playing around with Splunk so I can become familiar with some of the basic ins & outs. I'd be supremely appreciative of any assistance or guidance that anyone can provide.
The only thing you must have is a Universal Forwarder on the Windows systems. You don't need any apps or add-ons, they can be useful in giving you a head start, but they're not necessary.
The "Getting Data In" documentation has a section on collecting Windows event logs using a forwarder.
The "Forwarder" documentation has a section on setting up forwarding/receiving.
Dave
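As an added worked example (not from this thread or from Splunk's own documentation) of the minimal setup the answer above describes: the Universal Forwarder on each Windows 7 box reads the classic event logs and sends them to the indexer, and the indexer listens on a receiving port. The IP 192.168.1.50 is a placeholder for the CentOS VM's static address, port 9997 is the conventional receiving port, and `index = main` is the free-license default index.

```ini
# --- On each Windows 7 desktop (Universal Forwarder) ---
# %SPLUNK_HOME%\etc\system\local\inputs.conf
# Security is the log a defender cares about most (logons, privilege use, policy changes);
# start_from/current_only make the first run back-fill what is already in the log.
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
index = main

[WinEventLog://System]
disabled = 0
index = main

[WinEventLog://Application]
disabled = 0
index = main

# %SPLUNK_HOME%\etc\system\local\outputs.conf
# Where the forwarder ships events; 192.168.1.50 is a placeholder for the indexer VM.
[tcpout]
defaultGroup = home_indexer

[tcpout:home_indexer]
server = 192.168.1.50:9997

# --- On the CentOS 7 indexer (Splunk Enterprise) ---
# $SPLUNK_HOME/etc/system/local/inputs.conf
# Enables the receiver, equivalent to Settings > Forwarding and receiving > Configure receiving.
[splunktcp://9997]
disabled = 0
```

On CentOS 7 the port also has to be opened in firewalld (`firewall-cmd --permanent --add-port=9997/tcp && firewall-cmd --reload`) and both Splunk services restarted; afterwards `index=main host=<desktop-name>` in the search bar confirms events are arriving.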
Thanks, Dave. My Windows boxes are sending data to my indexer, so all is fantastic.