Hi Alepy, you will need a universal forwarder on your machine which you want to monitor and your machine with Splunk Enterprise on it needs to listen on a port where your data is sent to. 1. Enable a listening port in Splunk Web on your receiving machine: Settings -> Forwarding and receiving -> Configure receiving: Add new -> Give it a listening port ( for example: 9997 ) 2. Install a windows universal forwarder on your system where you want to collect your logs. During the installation process you will be asked to input the address of your receiving indexer:  IP:9997. There will also be a step where you can already enable windows event and performance logging. You should leave this one empty and finish the installation. 3. Go to Splunkbase and download "Splunk Add-On for Microsoft Windows". It is free to use. Under details you can find a link to the documentation of that Add-On which will help you with installation. 4. After you completed those steps your data should be forwarded to your virtual machine and you can investigate it. To make it easier you can also install the "Splunk App for Windows infrastructure". This will enhance your Splunk Web experience with pre configured dashboards and virtualizations. ... View more

Hi Alepy, for this task you will need a universal forwarder on the machine that will be sending the data and the receiving machnine will need to listen on a port you are sending the data to. Im assuming from your last post that you want to send the logs from your local Windows system to the Windows system on your virtual box. 1. Make sure you the systems can find each other in the network. 2. Log into your Splunk Enterprise system on your Virtual Box and go to "Settings" -> "Forwarding and receiving" -> "Configure receiving" -> "New receiving port". Give it port 9997 and confirm.   3. Download a Windows universal forwarder on and install it on your machine which you want to monitor. You can find the download to the windows forwarder here: https://www.splunk.com/de_de/download/universal-forwarder.html Installation tutorial: https://docs.splunk.com/Documentation/Forwarder/8.0.4/Forwarder/InstallaWindowsuniversalforwarderfromaninstaller At some point in the installation you can add the destination of your receiving indexer ( your virtual box windows ). Put in the IP + port your defined on your Splunk Enterprise machine ( 9997 ). You can also configure Windows monitoring at some point which i didnt do yet, so i can't give you an advice on this one. The way i did it was to leave that point empty and install the "Splunk Add-On for Microsoft Windows" and "Splunk App for Windows Infrastructure" for Windows monitoring. You can find those apps here on Splunk base with links to their documentation. They are free to use. Splunk Add-on for Microsoft Windows: https://splunkbase.splunk.com/app/742/ Windows app for infrastructure: https://splunkbase.splunk.com/app/1680/ ... View more