Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help getting into Local event log collection

Divinstar
Engager
Saturday

-I downloaded Splunk enterprise on my windows. I set it up and then i go into settings -> data inputs -> Local event log collection and I press Edit. and it says page not found. I saw tutorials and videos and everyone seem to have it work right after installation. I still tried to do different things with the help of AI. Add microsoft TA add on, add an inputs.config etc etc..... still im getting the same things. pls help me outimage.png

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

marnall
Motivator
Saturday

It seems there is something wrong with the web UI interface for adding Windows Event Logs from the local machine in Splunk Enterprise 10.0.1 for Windows. I installed it on a test machine and am getting the same error as you.

I suggest uninstalling the current version and installing an older version of Splunk Enterprise for Windows. In the download page for Splunk Enterprise, there is a link for "Previous Releases."

The video you linked is demonstrating on version 9.0.2 which is no longer available, but you can install version 9.1.2 from the previous releases page. I tested this version and the link for "Local event log collection" on the Data inputs page works.

Once you get familiar with editing Windows Event Log inputs.conf configurations, then you can upgrade your Splunk instance back to 10.x. Or perhaps Splunk will have fixed the webUI for Windows Eventlog data input in a future release.

View solution in original post

Reply
Solved! Jump to solution

Divinstar
Engager
Saturday

Yes, my user has the admin role, i checked.

No i cannot navigate to the url u have mentioned , it says "Unable to locate the configuration for this URL."

For reference im following this utube video and this is what im tryna do https://youtu.be/3CiRs6WaWaU?si=VhOi2zNYwmIPn4KV

0 Karma
Reply
Solved! Jump to solution
Solution

marnall
Motivator
Saturday

It seems there is something wrong with the web UI interface for adding Windows Event Logs from the local machine in Splunk Enterprise 10.0.1 for Windows. I installed it on a test machine and am getting the same error as you.

I suggest uninstalling the current version and installing an older version of Splunk Enterprise for Windows. In the download page for Splunk Enterprise, there is a link for "Previous Releases."

The video you linked is demonstrating on version 9.0.2 which is no longer available, but you can install version 9.1.2 from the previous releases page. I tested this version and the link for "Local event log collection" on the Data inputs page works.

Once you get familiar with editing Windows Event Log inputs.conf configurations, then you can upgrade your Splunk instance back to 10.x. Or perhaps Splunk will have fixed the webUI for Windows Eventlog data input in a future release.

Reply
Solved! Jump to solution

Divinstar
Engager
Saturday

Thank you so much man. It worked I went to an older version 9.4.5 and it works for me. 

0 Karma
Reply
Solved! Jump to solution

marnall
Motivator
Saturday

I have a linux installation but it still lets me load https://127.0.0.1:8000/en-US/manager/search/manage_system_config/win_event_log_collections?entity=lo... even if it says "Operating system not supported for this page."

Some questions:

1. Does your logged in user (divin) have privileges to add inputs and therefore access this page? Try it again with an administrative user just to rule out permission issues.

2. Are you able to load any other URLs like /en-GB/manager/manage_system_config , or does it still return 404 not found?

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...