Getting Data In

I'm looking for some assistance/guidance with a home installation of Splunk...

amazack
Engager

Hey there Splunk gurus. I'm very new to Splunk and hoping for a little guidance.

I have Splunk Enterprise with the perpetual free license installed on a CentOS 7 VM on my home network. The VM is configured with a static IP. I'm wondering if anyone can point me to a checklist or document that will outline the steps necessary to be able to get Windows event log data from my desktops into Splunk. One of my desktops is running Win 7 Ultimate, and the other is running Win 7 Pro. My home network is not a domain environment.

I'd also like to be able to get the syslog data from my dd-wrt router and my tomato access point into splunk, but I seem to be overlooking one or more configuration options in the Home Monitor App. Of course, that's a challenge for another day... 😉

I've seen articles regarding the Universal Forwarder, the Splunk Add-on for Windows, and the Send to Indexer app. Are all of these required, or am I falling into the rabbit hole?

I'd like to be able to start playing around with Splunk so I can become familiar with some of the basic ins & outs. I'd be supremely appreciative of any assistance or guidance that anyone can provide.


davebrooking
Contributor

The only thing you must have is a Universal Forwarder on the Windows systems. You don't need any apps or add-ons; they can be useful in giving you a head start, but they're not necessary.

The "Getting Data In" documentation has a section on collecting Windows event logs using a forwarder.

The "Forwarder" documentation has a section on setting up forwarding/receiving.

Dave

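The three config fragments that the "forwarding/receiving" and "Windows event logs via a forwarder" docs boil down to, written out here as an added example (not part of Dave's answer or of any Splunk documentation). Assumptions: the CentOS indexer is at 192.168.1.10, the receiving port is the conventional 9997, events go to the default `main` index, and the optional syslog input listens on 1514 rather than the root-only port 514. Splunk reads these files at startup, so restart the indexer and each forwarder after editing them.

```ini
# --- On the CentOS indexer: $SPLUNK_HOME/etc/system/local/inputs.conf ---
# Open the receiving port that Universal Forwarders connect to.
# This is plaintext; use a [splunktcp-ssl:9997] stanza with certificates
# on both ends if you want the forwarder link encrypted.
[splunktcp://9997]
disabled = 0

# Optional (for the dd-wrt router / tomato AP later): a plain syslog listener.
# Port 1514 is an assumption; binding 514 needs Splunk to run as root.
# connection_host = ip sets the host field from the sender's address.
[udp://1514]
sourcetype = syslog
connection_host = ip

# --- On each Windows 7 box: ---
# C:\Program Files\SplunkUniversalForwarder\etc\system\local\outputs.conf
# Point the forwarder at the indexer (IP and port are assumptions).
[tcpout]
defaultGroup = home_indexer

[tcpout:home_indexer]
server = 192.168.1.10:9997

# --- On each Windows 7 box: ---
# C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf
# Collect the three classic event logs. Reading the Security log requires
# the forwarder service to run as Local System, which is the installer default.
[WinEventLog://Application]
disabled = 0
index = main

[WinEventLog://Security]
disabled = 0
index = main

[WinEventLog://System]
disabled = 0
index = main
```

Two checks worth doing: on the indexer, `firewall-cmd --permanent --add-port=9997/tcp && firewall-cmd --reload` (CentOS 7 blocks the port by default), and on a forwarder, `splunk.exe list forward-server` from the UF `bin` directory should show the indexer under "Active forwards" once the connection is up. Because the perpetual free license has no user authentication, keep the indexer's web UI and port 9997 reachable only from the home LAN.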

amazack
Engager

Thanks, Dave. My Windows boxes are sending data to my indexer, so all is fantastic.


