×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
skimfl
Engager
Member since: ‎07-21-2022
‎07-28-2022
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-21-2022
View All

Re: How to verify splunk universal forwarder is fo...

by in Monitoring Splunk
‎07-28-2022 04:43 AM
‎07-28-2022 04:43 AM
Thank you for all of your responses. I have done what some of you have suggested. I have a Powershell script that generates a report of the number of events in a time period. That data then can be viewed in Splunk and compared.    Thank you for all of the great advice ... View more

How to verify splunk universal forwarder is forwar...

by in Monitoring Splunk
‎07-21-2022 06:14 AM
‎07-21-2022 06:14 AM
Good morning / afternoon,  I am a cybersecurity professional who has been asked if there is a way to verify that splunk is capturing all the Windows Event logs. Currently the forwarder is configured to send all standard Windows log data to splunk. We utilize splunk to do domain and system cybersecurity event audits. I am confident my inputs.conf and splunk forwarders are configured properly,  but essentially trust but verify that splunk is indexing the appropriate data.  I know splunk is in use world wide and specifically in SOCs around the world. If one were asked to verify the data is infact whole is there a way to verify and test other than manually generating events and parsing both splunk and windows event viewer periodically to verify splunk is infact receiving all data. Obviously this could be a configuration but with such a high level of concern around cybersecurity I would assume that orgs need to trust the data in splunk is accurate, but how can I verify? Any tips? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-28-2022 08:14 AM