Reporting
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

WinEventLog

Jeronimo317
Explorer
‎07-21-2020 02:04 PM

Hi team, the issue that I am currently experiencing is that WinEventLog not sending data to the main index . I am new to Splunk and so far have not been able to figure out the reason. Thoughts?

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-27-2020 05:33 AM

Good!

If your isse was solved, please accept the answer for the other people of the Community.

Ciao and Next Time!

Giuseppe

P.S.: Karma Points are appreciated 😉

View solution in original post

Reply
Solved! Jump to solution

anilchaithu
Builder
‎07-21-2020 02:28 PM

@Jeronimo317 

what is your setup? Are you trying to forward wineventlog from remote server to splunk using universal forwarder?

Please make sure you have the following configurations in place

  • open port 9997 on receiving instance
  • configure outputs.conf on UF to send data to splunk indexer
  • open network connection (for port 9997) between remote server & splunk instance

Please refer below page for more details

https://docs.splunk.com/Documentation/Forwarder/8.0.5/Forwarder/HowtoforwarddatatoSplunkEnterprise 

Hope this helps

0 Karma
Reply
Solved! Jump to solution

Jeronimo317
Explorer
‎07-27-2020 05:20 AM

Hi @gcusello and @anilchaithu , thank you for your help I figured out the issue. Turned out that the index was not specifically set in the input.conf and by default the ingest was going to main as oppose to wineventlog. Seems to be OK now. Thanks again 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-27-2020 05:33 AM

Good!

If your isse was solved, please accept the answer for the other people of the Community.

Ciao and Next Time!

Giuseppe

P.S.: Karma Points are appreciated 😉

Reply
Solved! Jump to solution

Jeronimo317
Explorer
‎07-22-2020 05:25 AM

Are you trying to forward wineventlog from remote server to splunk using universal forwarder? - Yes, and it has been working fine. Suddenly I stopped seeing WinEventLog sending data to the main index. What could be a reason and how can I troubleshoot? Thanks

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-22-2020 05:41 AM

Hi @Jeronimo317,

which Technical Add-On are you using?

See in the inputs.conf if there's an index (usually wineventlog).

Ciao.

Giuseppe

0 Karma
Reply
Solved! Jump to solution

Jeronimo317
Explorer
‎07-22-2020 06:27 AM

Hi gcusello, I am not sure what do you mean by which Technical Add-on?

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎07-22-2020 06:38 AM

Hi @Jeronimo317,

did you created your own inputs.conf or did you take the Splunk_TA_Windows to take the logs from wineventlog?

Index is usually assigned in inputs.conf, so you should see in the active inputs.conf what's the index assignment.

From your answer I suppose that you didn't used the TA but the web gui inputs configuration; if this is your situation, see in the inputs configuration [Settings -- Inputs] what's the index assignment. 

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...