Does the "Windows Event Log(Multiline)" data source in UBA support event logs in a native language (non-English), for example Norwegian? If it is not supported, how can we add this data to UBA?
...t to be seen in my data in Splunk
This is what it looks like in Splunk:
I expect to also have the same data as what I have in my source
Any idea what happened and how can I t...
OS version : Windows 10
We want to upload a saved Windows event logs file (.evtx) to Splunk. Splunk assigned "Preprocess-winevt" source type at the step (Set Source Type) of "Add Data" p...
I have a clustered environment with Splunk Add-on for Microsoft Windows deployed to Indexers, Search Heads and Universal Forwarders.
I have an additional application deployed to Indexers and S...
I've been collecting data using Splunk's perfmon modular input as per Splunk Add-on for Microsoft Windows. Yet after I deployed the Splunk Add-on for Infrastructure, I no longer see any event data....
I have several machines being monitored with perfmon, and I am struggling to figure out how to limit the amount of logs coming in.
Here is the perfmon section of inputs.conf in Splunk Add-on for M...
Hi everybody,
Is it possible to use the Splunk Add-On for Microsoft Windows when the indexers and search heads are all running on Linux? We have a group of people who want to collect Windows l...
I have installed the Splunk Add-on for Microsoft Windows and have below settings in inputs.conf, but I'm still unable to see the security logs. I checked on the Windows and Active Directory servers a...
I have a distributed deployment and use a Universal Forwarder on Windows to get the event logs and performance information into indexers. After deploying the Splunk_TA_windows to the Windows c...
Good afternoon! Splunk Add-on for Microsoft Windows version 8.0.0 Splunk TA Windows, generates a data source without a domain name, i.e. just a host name. How can I bulk configure to display h...