×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
abdallah_bakr
Explorer
Member since: ‎07-21-2023
‎07-22-2023
Community Statistics
Posts 7
Solutions 0
Karma Given 8
Karma Received 0
Member Since ‎07-21-2023
Activity Feed
View All

Re: Windows Event Logs Not Forwarding Security Eve...

by in Getting Data In
‎07-22-2023 04:28 AM
‎07-22-2023 04:28 AM
I went through the article. It talks about installing Splunk Enterprise on Windows not Splunk Universal Forwarder and by the way I have installed the UF on DCs tens of times using the same way and running under the Local System account (which is the default installation) and never encountered the issue. I have this also running on my LAB AD environment without any issues. ... View more

Re: Windows Event Logs Not Forwarding Security Eve...

by in Getting Data In
‎07-22-2023 02:58 AM
‎07-22-2023 02:58 AM
The UF runs under Local System account ... View more

Re: Windows Event Logs Not Forwarding Security Eve...

by in Getting Data In
‎07-22-2023 02:57 AM
‎07-22-2023 02:57 AM
The UF runs under Local System account. ... View more

Re: Windows Event Logs Not Forwarding Security Eve...

by in Getting Data In
‎07-21-2023 03:50 PM
‎07-21-2023 03:50 PM
We have 4 DCs, It's not working on any of them but it works on other Windows servers and workstations. ... View more

Re: Windows Event Logs Not Forwarding Security Eve...

by in Getting Data In
‎07-21-2023 01:35 PM
‎07-21-2023 01:35 PM
That's strange because I have installed tons of Universal Forwarder on Windows servers/machines and I have never faced this issue before. ... View more

Re: Windows Event Logs Not Forwarding Security Eve...

by in Getting Data In
‎07-21-2023 11:32 AM
‎07-21-2023 11:32 AM
Hi @gcusello  Of course. I am also using a deployment server to deploy Splunk_TA_windows for all Windows machines so that the configurations are the same for all Windows machines. And as I previously mentioned, when I installed the UF on a regular Windows PC, everything worked like a charm, and all event types, including Security events, were forwarded without a hitch. So I am only facing this issue only on DC-01. ... View more

Windows Event Logs Not Forwarding Security Events ...

by in Getting Data In
‎07-21-2023 05:09 AM
‎07-21-2023 05:09 AM
 I've got Splunk Universal Forwarder up and running on my DC-01, and it's set to forward all Windows event logs to Splunk. But there's a catch - it's not forwarding the Security events for some reason! Interestingly, when I installed the UF on a regular Windows PC, everything worked like a charm, and all event types, including Security events, were forwarded without a hitch.  I've done my fair share of digging through documentation and troubleshooting cases, but I'm still at a loss. It feels like it might be a permissions or rights issue, but I can't seem to find the root cause. If any of you have encountered a similar issue or have any insights, I'd be incredibly grateful for your help and ideas. Thank you in advance for any guidance you can provide! ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-22-2023 08:01 AM
Karma given to
View All