Hi, I have Splunk set up on my workstation, but do not want to monitor the workstation itself. I have gone to Manager » Data inputs » Event log collections » localhost, and cleared all selected logs (application, security, and system), and hit save. When I go back there, however, these three logs are back in the Selected Log(s) box. I have disabled all other data inputs, but still, I get events for my workstation. Am I doing something wrong? Do I need to send these events to a nullqueue, as described in the link below? http://docs.splunk.com/Documentation/Splunk/4.2.4/Deploy/Routeandfilterdatad Thanks, Kevin ... View more

Hi, I'm assuming I'm missing something really basic, so here goes: I have data being indexed in splunk, in an index called "windows" (suggested for the Windows Security Operations Center app). I can go to the main search window in splunk, and I can see the events that I would expect to see in the app, but I don't see any data at all in the app. The same goes for the PCI compliance app, and the windows app. Searches just show "no results found" Any insight as to where I'm going wrong would be greatly appreciated. Thanks, Kevin ... View more

Hi, sorry for the novice question, but I currently have two main interests in Splunk. I would like to use both the PCI compliance app, and the Windows Security Operations Center app. Can anyone point me towards some articles which tell me what events I need to start logging in my windows domains to get the information I need? I have both a server 2003 domain, and a separate server 2008 domain. Thanks, Kevin ... View more

Sorry if I'm missing something terribly obvious, but is there specific documentation for the Splunk for Windows app downloadable here: http://splunk-base.splunk.com/apps/22315/splunk-for-windows Thanks, Kevin ... View more