×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
belleke
Explorer
Member since: ‎12-12-2024
‎12-12-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 1
Member Since ‎12-12-2024
Activity Feed
Topics I've Started
View All

Re: sending wineventlog

by in Getting Data In
‎12-12-2024 07:28 AM
1 Karma
‎12-12-2024 07:28 AM
1 Karma
I've solved the issue, thanks for your help! @richgalloway  ... View more

Re: sending wineventlog

by in Getting Data In
‎12-12-2024 06:41 AM
‎12-12-2024 06:41 AM
@richgalloway  Thanks for your reply, unfortunately I still have no luck. By the looks of it I'm not receiving any sourcetypes in splunk. I saw my typo mistake later but still wasn't able to receive any kind of data regarding wineventlogging.  Any other suggestions what could be the issue? ... View more

Re: sending wineventlog

by in Getting Data In
‎12-12-2024 05:49 AM
‎12-12-2024 05:49 AM
The first sreenshot is about UF's internal logs in Splunk. The second screenshot is my search string looking for winevent. I also wrote down my inputs.conf. I do apologize that I have little knowledge about this all. If I need to send more info or the right one 😉 please let me know, thanks!   inputs.conf= [WinEventLog://Security] disabled = 0 index = main sourcetype = WinEventLog:Security evt_resolve_ad_obj = 1 checkpointInterval = 5 @richgalloway    ... View more

sending wineventlog

by in Getting Data In
‎12-12-2024 05:03 AM
‎12-12-2024 05:03 AM
Hi, I’m quite new to splunk when it comes to sending data to splunk. I do have experience with making dashboards etc. I’ve got a problem receiving data from a windows pc. I’ve installed the universal forwarder on there and I’ve got another windows pc that acts as my enterprise environment. I do know that the forwarder is active and can see a connection. I want to send wineventlog data to splunk. I’ve made a input.conf and output.conf containing information for what I want to forward. But when I want to look it up in the search I have 0 events. I’m sure I’m doing some things wrong haha. I would like some help with it. Thanks!  ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎12-12-2024 10:53 AM
Karma from
View All
Karma given to
View All