Good afternoon. We currently have our Splunk Cloud receiving logs from firewall, Office 365 and Azure. And now we want to send Windows logs, but when installing the universal forwarder on the Windows machine, we are not able to view the logs in the Splunk Cloud. We can see that the collector is receiving the logs, but we don't see them in the Splunk Cloud. According to the images, the host is correct, but we are not receiving the correct index logs. Could someone please help?
Check the settings in inputs.conf on the UF. The index setting may be incorrect or missing, leading to data being sent to the lastchanceindex index.
Thank you Rich.
It worked out.
To help future readers, please share how you worked it out. Then accept that answer as a solution.
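One way to run the inputs.conf check suggested in the answer above, as an added example that is not part of the original thread: a Python script that reads a forwarder's inputs.conf and reports enabled inputs whose `index` is missing or not among the indexes you expect. The sample file contents, the index names and the known-index list are constructed for illustration.

```python
import configparser

# Constructed sample of a forwarder inputs.conf (not taken from the thread).
SAMPLE_INPUTS_CONF = """
[default]
host = WIN-HOST01

[WinEventLog://Security]
disabled = 0
index = wineventlog

[WinEventLog://System]
disabled = 0

[WinEventLog://Application]
disabled = 0
index = winevntlog
"""

def audit_indexes(conf_text, known_indexes):
    """Return {stanza: problem} for inputs whose index is missing or unknown."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.optionxform = str  # keep key case as written
    parser.read_string(conf_text)
    # Settings in [default] apply to every stanza that does not override them.
    inherited = parser["default"].get("index") if parser.has_section("default") else None
    findings = {}
    for stanza in parser.sections():
        if stanza == "default":
            continue
        if parser[stanza].get("disabled", "0").strip().lower() in ("1", "true"):
            continue  # disabled inputs send nothing
        index = parser[stanza].get("index", inherited)
        if index is None:
            findings[stanza] = "no index setting"
        elif index not in known_indexes:
            findings[stanza] = f"index '{index}' not in known list"
    return findings

if __name__ == "__main__":
    # Assumed list of indexes that exist on the Splunk Cloud stack.
    for stanza, problem in audit_indexes(SAMPLE_INPUTS_CONF, {"wineventlog"}).items():
        print(f"[{stanza}] {problem}")
```

Replace the sample text with the contents of the forwarder's own inputs.conf and the set with the indexes defined on your stack.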