×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
knsaunders
Loves-to-Learn
Member since: ‎10-15-2020
‎10-15-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎10-15-2020
Activity Feed
View All

Re: I am new to Splunk and have a question

by in Getting Data In
‎10-15-2020 10:01 AM
‎10-15-2020 10:01 AM
Thank you for your response! Yes, I installed Splunk Enterprise on my Kali VM and the Universal Forwarders on Windows 10 Enterprise and Windows Server 2019. I can ping with no problems between all of the machines. For the Kali VM logs, I just installed the "Splunk Add-on for Unix and Linux" app and the logs are being indexed with no problems. I did edit the inputs.conf and outputs.conf, I can provide a copy of them: Windows 10 VM inputs.conf [default] host = Windows10Ent [scripts://$SPLUNK_HOME\bin\scripts\splunk-wmi.path] disabled = 0 [monitor://C:\logs\remote_access.log] sourcetype = remote_access_logs index = remotelogs [WinEventLog://Application] index=remotelogs [WinEventLog://Security] index=remotelogs [WinEventLog://System] index=remotelogs outputs.conf [tcpout] defaultGroup = default-autolb-group [tcpout:default-autolb-group] server = 192.168.163.129:9997 [tcpout-server://192.168.163.129:9997]   Windows Server 2019 inputs.conf [default] host = KKMEDIA-SERVER2019 [scripts://$SPLUNK_HOME\bin\scripts\splunk-wmi.path] disabled=0 [monitor://C:\logs\remote_access.log] sourcetype = remote_access_logs index=remotelogs [WinEventLog://Application] index=remotelogs [WinEventLog://Security] index=remotelogs [WinEventLog://System index=remotelogs   outputs.conf [tcpout] defaultGroup = default-autolb-group [tcpout:default-autolb-group] server = 192.168.163.129:9997 [tcpout-server://192.168.163.129:9997]   Logs are coming under 2 Hosts, the Kali Machine(where Splunk Ent. is installed) and from the Windows 10 VM and I see them listed as "Hosts".   When I did not see the Windows Server 2019 logs coming in, I found this command to check what IP addresses the logs were coming in from and sure enough one of them was the IP for my Windows Server 2019.  When I dug a little deeper and looked at the logs with a Source IP of the Windows Server, it showed 'host=kali".  ... View more

I am new to Splunk and have a question

by in Getting Data In
‎10-15-2020 08:39 AM
‎10-15-2020 08:39 AM
Greetings!  I am new to Splunk and I am trying to learn it so please take it easy on me 🙂 I setup an environment with a Kali VM(This is where Splunk Enterprise is setup), a Windows 10 Enterprise VM and a Windows Server 2019 VM.  I setup the Universal Forwarder on Windows 10 and when I go to Splunk I can see it listed as a "Host", I also setup the Kali VM to send its logs to Splunk and I see it listed as a "Host" as well.  However, the logs coming from the Windows Server 2019(setup as a Domain Controller) are not showing up as a "Host", it seems to be merged in with one of the other "Hosts". It is my understanding that any logs coming in from the Server should show up as a different Host so I should see the Kali VM as a Host, the Windows 10 VM as a Host and the same for Server 2019, however, as I explained, it is not showing up as a Host. If anybody is willing to help, please let me know what information you would like me to share.   Thank you in advance.   Kirk ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎10-15-2020 11:43 PM