Getting Data In

I'm looking for some assistance/guidance with a home installation of Splunk...

amazack
Engager

Hey there Splunk gurus. I'm very new to Splunk and hoping for a little guidance.

I have Splunk Enterprise with the perpetual free license installed on a CentOS 7 VM on my home network. The VM is configured with a static IP. I'm wondering if anyone can point me to a checklist or document that will outline the steps necessary to be able to get Windows event log data from my desktops into Splunk. One of my desktops is running Win 7 Ultimate, and the other is running Win 7 Pro. My home network is not a domain environment.

I'd also like to be able to get the syslog data from my dd-wrt router and my tomato access point into Splunk, but I seem to be overlooking one or more configuration options in the Home Monitor App. Of course, that's a challenge for another day... 😉

I've seen articles regarding the Universal Forwarder, the Splunk Add-on for Windows, and the Send to Indexer app. Are all of these required, or am I falling into the rabbit hole?

I'd like to be able to start playing around with Splunk so I can become familiar with some of the basic ins & outs. I'd be supremely appreciative of any assistance or guidance that anyone can provide.

0 Karma
1 Solution

davebrooking
Contributor

The only thing you must have is a Universal Forwarder on the Windows systems. You don't need any apps or add-ons, they can be useful in giving you a head start, but they're not necessary.

The "Getting Data In" documentation has a section on collecting Windows event logs using a forwarder.

The "Forwarder" documentation has a section on setting up forwarding/receiving.

Dave

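For a concrete starting point, here is the minimal forwarding/receiving setup the answer above describes, written out as an added example (it is not from the original post, nor copied from Splunk's documentation). It assumes a placeholder indexer address of 192.168.1.10, Splunk's conventional receiving port 9997, and the default index; it also goes one step beyond the answer with a plain UDP syslog input for the router/access point question in the original post.

```ini
# Added example, not from the original post. Placeholders: 192.168.1.10 is the
# indexer's static IP; 9997 is Splunk's conventional forwarder receiving port.

# 1) On the Splunk Enterprise indexer (the CentOS 7 VM):
#    $SPLUNK_HOME/etc/system/local/inputs.conf
#    Equivalent CLI: splunk enable listen 9997
[splunktcp://9997]
disabled = 0

# Optional: for the dd-wrt router / Tomato AP syslog mentioned in the question.
# Binding UDP 514 requires the Splunk process to run as root (or to hold a
# capability for privileged ports); otherwise use a high port if the router's
# remote-syslog setting lets you choose one, or front Splunk with rsyslog.
[udp://514]
sourcetype = syslog
connection_host = ip

# 2) On each Windows 7 desktop, Universal Forwarder:
#    %SPLUNK_HOME%\etc\system\local\outputs.conf
#    Equivalent CLI: splunk add forward-server 192.168.1.10:9997
[tcpout]
defaultGroup = home-indexer

[tcpout:home-indexer]
server = 192.168.1.10:9997

# 3) Same desktop, Universal Forwarder:
#    %SPLUNK_HOME%\etc\system\local\inputs.conf
#    The forwarder service must run as an account allowed to read the Security
#    log (Local System, the installer default, can).
[WinEventLog://Application]
disabled = 0

[WinEventLog://System]
disabled = 0

[WinEventLog://Security]
disabled = 0
# start_from = oldest replays the existing log on first start; set
# current_only = 1 if you only want events from the moment the forwarder starts.
start_from = oldest
current_only = 0

# 4) Restart each Universal Forwarder, then verify:
#    On the desktop:  splunk list forward-server   (should list an active forward)
#    On the indexer:  index=* source="WinEventLog:Security" | stats count by host
```

Two practical checks: the CentOS 7 firewall (firewalld) must allow TCP 9997 in, and UDP 514 if the syslog input is used, ideally only from the home subnet rather than from anywhere; and because the receiving port accepts data from any forwarder that can reach it, keeping it LAN-only is the simplest way to make sure only your own desktops and router can write into the index.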

amazack
Engager

Thanks, Dave. My Windows boxes are sending data to my indexer, so all is fantastic.

0 Karma

