Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About mark320i
mark320i
New Member
Member since:
01-25-2015
06-05-2020
Community Statistics
| Posts | 6 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 01-25-2015 |
Activity Feed
- Posted Re: Why am I receiving no WinEventlog:Security events from the universal-forwarder? on Getting Data In. 02-21-2015 10:12 AM
- Posted Re: Why am I receiving no WinEventlog:Security events from the universal-forwarder? on Getting Data In. 02-21-2015 09:52 AM
- Posted Re: Why am I receiving no WinEventlog:Security events from the universal-forwarder? on Getting Data In. 02-21-2015 09:09 AM
- Posted Re: Why am I receiving no WinEventlog:Security events from the universal-forwarder? on Getting Data In. 02-21-2015 07:55 AM
- Posted Re: Why am I receiving no WinEventlog:Security events from the universal-forwarder? on Getting Data In. 02-21-2015 07:52 AM
- Posted Why am I receiving no WinEventlog:Security events from the universal-forwarder? on Getting Data In. 02-21-2015 07:18 AM
- Tagged Why am I receiving no WinEventlog:Security events from the universal-forwarder? on Getting Data In. 02-21-2015 07:18 AM
- Tagged Why am I receiving no WinEventlog:Security events from the universal-forwarder? on Getting Data In. 02-21-2015 07:18 AM
- Tagged Why am I receiving no WinEventlog:Security events from the universal-forwarder? on Getting Data In. 02-21-2015 07:18 AM
- Tagged Why am I receiving no WinEventlog:Security events from the universal-forwarder? on Getting Data In. 02-21-2015 07:18 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
02-21-2015
10:12 AM
I did find reference to this in the inputs.conf edit doc, what is interesting is this seems to be a default setting. Do you know why it did not work? Is this an issue with Splunk or the OS that requires it to be specifically listed?
... View more
02-21-2015
09:52 AM
First THANKS!!!!
where is this documented in the Splunk manuals???
... View more
02-21-2015
09:09 AM
I am receiving Security events from the Indexer which I use a Universal forwarder to send events to itself instead of point to the files. I am still not seeing Security events from the standalone Windows2008R2 Server. As before I am still getting the setup event, performance events but no security events.
Is a trusted certificate required for this transaction? I did not configure that part of the Universal Forwarder.
... View more
02-21-2015
07:55 AM
I just received this error message on the indexer.
received event for unconfigured/disabled/deleted index='indexname' with source='source::WinEventLog:Security' host='host::ASUS' sourcetype='sourcetype::WinEventLog:Security' (2 missing total)
... View more
02-21-2015
07:52 AM
Thanks for the response!!
I am assuming that I am adding this to the Universal forwarder inputs.conf file? I did go ahead and add the text and have restarted twice. I had a similar statement but disabled = false previously. Still no success.
... View more
02-21-2015
07:18 AM
I am new to Splunk trying to fill in for someone that has left the company and the company could not afford to continue service this time around.
I am trying to read Event ID 4625 and 4624. What I am noticing is that I am getting NO Security events. I do however receive Setup events. I am using the Universal Forwarder to get events from Windows 7 and Server 2008 R2 machines. At home I am using Workgroup and at Work a Domain, same results on both.
As for the search I enter the following: sourcetype=WinEventLog:S*
I also enter in 4625* OR 4624*
I can view the events via the Event View so I know the machine in question has the events. Just need to track to see if it is leaving the target machine and going to the indexer and then if the indexer is for some reason filtering the events.
Splunk version 6.0.182037
Splunk Universal Forwarder 6.2.1-245427
Any help or pointing to docs would be helpful. I have been reading a lot of the posts trying things, but nothing seems to help and I am running out of time!!
Thanks in Advance.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
