Splunk Enterprise

How to ingest exported sysmon logs to Splunk?


Hello Guys

I'm trying to ingest exported sysmon logs file to Splunk. I got the file from Splunk attack_data repository. I have already installed Microsoft sysmon add-ons.

Splunk attack_data's link: 


Every time when I choose xmlWinEventLog:Microsoft-Windows-Sysmon/Operational as a source type, it gives me error Not found.  appreciate your support, how can I ingest exported sysmon logs to splunk?


Thanks, Awni

Labels (1)
0 Karma


Did you ever find a solution for this? Looking at the below documentation it seems that this is not supported https://docs.splunk.com/Documentation/Splunk/9.1.2/Data/Uploaddata

0 Karma


On which Splunk instance(s) did you install the sysmon add-ons?

There is no link in the question.

What exactly are you trying to do when you choose xmlWinEventLog:Microsoft-Windows-Sysmon/Operational as a source type?  What are you choosing it from?  Which Splunk instance are you using at the time?

If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...