Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Reading WindowsEvent logs from UNC path

AndreasLP
Explorer
‎09-08-2012 02:59 PM

Hi,

I have some issues with setting up Splunk to read a WindwsEvent file stored on a network share. It seems like the setup is fine, but no files shows up in Splunk and nothing is indexed.

From the exact same destination I'm able to read windows update logs without any problems, so it shouldn't be any problems with the credentials. All files have the same permissions.

Since this is my first tme setting up Splunk I hope i have made some simple misstake which is easily fixed.

Tags (2)
0 Karma
Reply

neklov_splunk
Splunk Employee
Splunk Employee
‎09-08-2012 03:12 PM

Have you taken a look here: http://docs.splunk.com/Documentation/Splunk/latest/Data/Monitorwindowsdata

Reply

AndreasLP
Explorer
‎09-10-2012 05:50 AM

It turned out I was restricted by a very exotic Group Policy Setting. When that was corrected, everything works fine.

Thanks for all the answers and quick help!

0 Karma
Reply

MarioM
Motivator
‎09-09-2012 02:14 AM

Adding to the above the splunk which has access to the unc path need to be installed on Windows Vista, 7 or Server 2008/2008 R2 to read .evtx

0 Karma
Reply

MarioM
Motivator
‎09-09-2012 02:06 AM

what neklov_splunk was pointing to is the this part of the doc:
http://docs.splunk.com/Documentation/Splunk/4.3.3/Data/MonitorWindowsdata#Index_exported_event_log_....

Reply

AndreasLP
Explorer
‎09-08-2012 03:55 PM

All access to the server is firewalled except for the network share where the logs are put as evtx files. I'm not allowed to connect directly to the originator. The files on the share are file dumps from the event log.

Reply

neklov_splunk
Splunk Employee
Splunk Employee
‎09-08-2012 03:49 PM

What access path is restricted?

0 Karma
Reply

AndreasLP
Explorer
‎09-08-2012 03:43 PM

Unfortunately that access path is restricted, I have only the UNC path to work with 😞

0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...