Hello, I am new to the Splunk interface and I have been recently given a task to configure Splunk to monitor the following non-default Windows event log:
Log Name: Microsoft-A...
Good afternoon! Splunk Add-on for Microsoft Windows version 8.0.0, Splunk TA Windows, generates a data source without a domain name, i.e. just a host name. How can I bulk configure to display h...
I have a fresh install of 7.0.x in our QA environment to test with. I have an indexer/search head/deployment server running on a RHEL7 box. I have one Universal Forwarder on a Windows Server 2012 R...
...ead server OS difference, the other difference is what Splunk uses for hostname: On Linux it is the fully qualified DNS name, in Windows, it's just the hostname part without the domain.
The error I a...
Hello,
I'm currently working on configuring SSL from a UF sitting on a Windows server to a HF running on RHEL 7. I am using third party certs that I obtained from my lab windows PKI e...
I installed a Splunk Universal Forwarder on a Windows Server 2012 R2 using the following command:
msiexec.exe /i splunkforwarder-6.3.2-aaff59bb082c-x64-release.msi LOGON_USERNAME="domain\account" L...
...ailed, and logout.
I have configured the PROPS file on the server as follows:
[default]
[csv]
CHECK_FOR_HEADER = false
[WinEventLog:Security]
# MODIFY: Filter on the events of WinEventLog S...
...HOULD_LINEMERGE = False
CHECK_FOR_HEADER = True
We are running Splunk 5.0.2 on UNIX. Logs are being forwarded with the current forwarder from a Windows 2008 box.
...inevtlog - WinEventLogChannel::init: Failed to bind to DC, dc_bind_time=0 msec
However, my understanding was the default Windows install should be configuring outputs.conf for me? Also, I'm not sure w...
Hello Everyone,
I have a service account that I need to configure to collect WMI data from domain controllers. This account can't be an admin on the domain controller, so I am trying to provide l...