So for our final year project we have been assigned the project of implementing a DDoS attack and detecting it with Splunk.
Now our issue is that we are not getting any logs from Splunk's ADD DATA > INPUT option for Local Windows Network Monitoring, which seems to work in the video I was following to do that.
Context of the DDoS:
So we are using the hping3 TCP SYN flood attack, but its logs aren't coming in through my newly added data input source.
All the other network logs are being generated, like network traffic from my GCP to RDP to the server and back,
but these are the only type of logs that are showing.
Now if I were to guess the problem, it might be that there are two IPs provided to us by GCP:
an internal and an external IP.
I've attacked both, but there is no difference in the incoming logs.
I've checked the connectivity between the two VMs on GCP, i.e. Windows and Ubuntu,
using ping and telnet.
I have also turned off the RDP Windows machine's firewall,
and added a firewall rule that allows ingress TCP packets over ports 80 and 21 (which we are attacking on).
So my guess ultimately is that GCP's server is blocking these types of packets.
I'm still not sure how all these things work (I'm an AI dev, you see; this is not my field).
So please help me if you can and have time to!
THANK YOU for reading my question and taking your time to do it.
If you have any other questions that you need answered in order to help me, feel free to ask away as much as you guys want.
Hello, just checking in to see whether the issue was resolved or you have any further questions?
Hello @VashisthaPandya, do you really want to have "real" traffic, or would dummy traffic work? Because you can generate dummy Windows EventCode traffic through EventGen (https://splunkbase.splunk.com/app/1924), deploy it, and focus on writing an effective search query.