Splunk server running on Win2008 R2 Server not sho...

wy1z · ‎04-17-2012

My setup involved 4 VMs - RHEL 5.6, Windows 7 Enterprise, Windows Server 2008 R2, and Windows XP w/SP3.

Splunk server is installed on the Win 2008 box, and the SUF is installed on the other systems.

The issue I have is the 2008 server logs are NOT showing up in Splunk (which is where Splunk is installed to begin with).

Any help would be most appreciated.

Scott

tgow · ‎04-17-2012

What user are you running Splunk as?

Have you selected the Event Logs that you want to monitor?

Manager-->Data Inputs-->Local event log collection

Make sure that the desired event log channels are selected in Splunk Web or properly configured in inputs.conf.

Make sure to select fewer than 64 event log channels per event log input.

Make sure that you are not attempting to index exported event logs that are incompatible with the indexing system (for example, attempting to index event logs exported from a Windows Server 2008 computer on a Windows XP computer will result in missing log data).

Make sure that, if you are monitoring non-standard event log channels, that you have the appropriate dynamic linked libraries (DLLs) that are associated with that event log channel. This is particularly important when indexing exported log files from a different computer.

Splunk server running on Win2008 R2 Server not showing R2 Logs

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation