Splunk Cloud Platform
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Configuration Windows logs with Splunk Cloud- Unable to view logs

fhirata1
Engager
‎07-07-2022 01:17 PM

Good afternoon. We currently have our Splunk cloud receiving logs from firewall, office 365 and azure. And now we want to send windows logs, but when installing the universal forwarder on the windows machine, we are not able to view the logs in the splunk cloud. We can see that the collector is receiving the logs, but we don't see it in the splunk cloud. According to the images, the host is correct, but we are not receiving the correct index logs. Could someone please help?

Captura de tela 2022-07-07 171233.pngCaptura de tela 2022-07-07 171246.png
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎07-08-2022 05:19 AM

Check the settings in inputs.conf on the UF.  The index setting may be incorrect or missing, leading to data being sent to the lastchangeindex index.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

fhirata1
Engager
‎07-08-2022 08:15 AM

Thank you Rich.

It worked out.

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎07-08-2022 08:19 AM

To help future readers, please share how you worked it out.  Then accept that answer as a solution.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎07-08-2022 05:19 AM

Check the settings in inputs.conf on the UF.  The index setting may be incorrect or missing, leading to data being sent to the lastchangeindex index.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...