Hello All, I have set up the Splunk Add-On and Splunk App for Unix and Linux. Data is flowing properly; however, I am having an issue with alerts. I am trying to set up alerts for various things to s...
This question deals with identifying fields within events from a Windows event log (i.e. the Application, System or Security log) manually exported from the Windows EventVwr.
I know I can use a Splunk...
Hello Splunk Community, I'm encountering an issue with a custom app I've developed for Splunk. The app is designed to collect and analyze data from various sources, and it has been working p...
Hi, I am trying to look up data related to EventCode="4662", but it does not show in Splunk. Additionally, I checked inputs.conf on the indexer and it was not present, I copied inputs.conf from d...
We have a distributed Splunk (8.x) environment on-prem, with CM and 3 peers, 2 SH, 1 deployment server, and many clients.
On one of my Windows 10 clients, I have a csv file that gets new d...
Good afternoon! Splunk Add-on for Microsoft Windows version 8.0.0 Splunk TA Windows, generates a data source without a domain name, i.e. just a host name. How can I bulk configure to display h...
...lients. For parsing Windows logs the Windows add-on is used which also provides a specific sourcetype. The problem is that for Windows clients we are unable to filter authentication events for: - S...
We are monitoring for specific Windows events on our Domain Controllers.
Inputs.conf looks like this:
[WinEventLog://Security]
disabled = 0
index = winevents
start_from = oldest
c...
...utput from command =
Oneshot 'C:\Program Files\SplunkUniversalForwarder\bin\recovery\l21\20131213_153
013\l21.almlog' added
Time passes and the data from the file doesn't appear in the i...