Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help getting into Local event log collection

Divinstar
Explorer
‎10-11-2025 03:56 AM

-I downloaded Splunk enterprise on my windows. I set it up and then i go into settings -> data inputs -> Local event log collection and I press Edit. and it says page not found. I saw tutorials and videos and everyone seem to have it work right after installation. I still tried to do different things with the help of AI. Add microsoft TA add on, add an inputs.config etc etc..... still im getting the same things. pls help me outimage.png

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

marnall
Motivator
‎10-11-2025 06:54 AM

It seems there is something wrong with the web UI interface for adding Windows Event Logs from the local machine in Splunk Enterprise 10.0.1 for Windows. I installed it on a test machine and am getting the same error as you.

I suggest uninstalling the current version and installing an older version of Splunk Enterprise for Windows. In the download page for Splunk Enterprise, there is a link for "Previous Releases."

The video you linked is demonstrating on version 9.0.2 which is no longer available, but you can install version 9.1.2 from the previous releases page. I tested this version and the link for "Local event log collection" on the Data inputs page works.

Once you get familiar with editing Windows Event Log inputs.conf configurations, then you can upgrade your Splunk instance back to 10.x. Or perhaps Splunk will have fixed the webUI for Windows Eventlog data input in a future release.

View solution in original post

Reply
Solved! Jump to solution

Divinstar
Explorer
‎10-11-2025 04:54 AM

Yes, my user has the admin role, i checked.

No i cannot navigate to the url u have mentioned , it says "Unable to locate the configuration for this URL."

For reference im following this utube video and this is what im tryna do https://youtu.be/3CiRs6WaWaU?si=VhOi2zNYwmIPn4KV

0 Karma
Reply
Solved! Jump to solution
Solution

marnall
Motivator
‎10-11-2025 06:54 AM

It seems there is something wrong with the web UI interface for adding Windows Event Logs from the local machine in Splunk Enterprise 10.0.1 for Windows. I installed it on a test machine and am getting the same error as you.

I suggest uninstalling the current version and installing an older version of Splunk Enterprise for Windows. In the download page for Splunk Enterprise, there is a link for "Previous Releases."

The video you linked is demonstrating on version 9.0.2 which is no longer available, but you can install version 9.1.2 from the previous releases page. I tested this version and the link for "Local event log collection" on the Data inputs page works.

Once you get familiar with editing Windows Event Log inputs.conf configurations, then you can upgrade your Splunk instance back to 10.x. Or perhaps Splunk will have fixed the webUI for Windows Eventlog data input in a future release.

Reply
Solved! Jump to solution

Divinstar
Explorer
‎10-11-2025 08:53 AM

Thank you so much man. It worked I went to an older version 9.4.5 and it works for me. 

0 Karma
Reply
Solved! Jump to solution

marnall
Motivator
‎10-11-2025 04:07 AM

I have a linux installation but it still lets me load https://127.0.0.1:8000/en-US/manager/search/manage_system_config/win_event_log_collections?entity=lo... even if it says "Operating system not supported for this page."

Some questions:

1. Does your logged in user (divin) have privileges to add inputs and therefore access this page? Try it again with an administrative user just to rule out permission issues.

2. Are you able to load any other URLs like /en-GB/manager/manage_system_config , or does it still return 404 not found?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

If you’re unfamiliar, .conf is Splunk’s premier event where the Splunk community, customers, partners, and ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...