About pck1983

soberocean · ‎10-24-2024

Hey, I had the same issue and I fixed it by changing the user through Services:

pck1983 · ‎09-14-2023

I got the following errors in my Splunk Error Logs: Failed to find Event Log with channel name=Applications and Services Logs/Microsoft/Windows/Sysmon/Operational Init failed, unable to subscribe to Windows Event Log channel Microsoft-Windows-Sysmon/Operational: errorCode=5

gcusello · ‎09-08-2023

Hi @pck1983, here you can find some useful description of how Splunk manages timezones: https://docs.splunk.com/Documentation/SCS/current/Search/Timezones https://docs.splunk.com/Documentation/SplunkCloud/latest/Data/Applytimezoneoffsetstotimestamps In few words, yes, if Splunk isn't able to understand the timestamp, is uses the previous event timestamp or _indextime as _time. Splunk automatically manages different timezones so, setting the timezone in your user preferences, you can read the timestamps using the timestamp corresponding to your timezone. Ciao. Giuseppe

pck1983 · ‎09-06-2023

I have it solved - no idea what it was but after I rebooted all of the machines it start to work... Thanks! BTW - when my 60 days of test period are done and I go back to the free license. Will the forwarders work or do I need a prof. license? I am pretty sure my 3 workstations will not exceed the 500MB / day limit!

Posts	8
Solutions	0
Karma Given	3
Karma Received	0
Member Since	‎09-05-2023

Online Status	Offline
Date Last Visited	‎09-16-2023 04:37 PM

Why the ErrorCode 5 when trying to forward Sysmon ...

Importing sysmon logs into Splunk

Time in Splunk

Beginner issues

Re: Why the ErrorCode 5 when trying to forward Sys...

Re: Importing sysmon logs into Splunk

Re: Time in Splunk

Re: Beginner issues

Join the Conversation