...ther servers withwindowseventlogs being sent to the same linux splunkenterprise but those are using the regular [WinEventLog://Application] input. Why does this happen and how can i get our logs s...
I'm using SplunkEnterprise 9 on Windows Server 2019 and monitoring a simple log file that has CRLF lines endings and is encoded as UTF8. My inputs stanza is as follows: [monitor://c:\windows...
...ar:
I have created a new index for these logs called "windows_iis" - all other settings as default.
Installed the Microsoft Add-on for Microsoft IIS on my SplunkEnterprise instance (combined S...
I have just installed SplunkEnterprise on Windows 7 enterprise (64 bit operating system).
After finishing the install process using the default option, the splunk does not start. I could not f...
...'ve defined custom sourcetypes as directed in the docs
Specify source type for an input
You can assign the source type for data coming from a specific input, such as /var/log/. If you have SplunkEnterprise...
...s actually *.log):
[monitor://C:\inetpub\logs\LogFiles\W3SVC1\star.log]
index = iis
sourcetype = ms:iis:default
disabled = false
Event break are all chopped up. I looked at the source data...
...ight after getting SplunkEnterprise installed on their local machine. It can be daunting to log into Splunk for the first time and know what the heck you should do. A person can get through the i...
I'm using splunkenterprise on a local windows based system.
I have a file reader configured to watch a directory where I dump logs and folders of logs.
c:\logs\*\*.log
All folders a...
...s configured with a static IP. I'm wondering if anyone can point me to a checklist or document that will outline the steps necessary to be able to get Windowseventlogdata from my desktops into Splunk...
...ddress)
The Syslog Server has the Splunk Universal Forwarder installed as is configured to for output WindowsEventLogs.
The inputs.conf file has the following added in addition to the event...