About bakeery

bakeery · ‎06-19-2025

No, I am not using a Splunk add-on I am using the Splunk forwarder to send the logs

bakeery · ‎06-19-2025

Thank you for your reply. I am using Splunk 9.4.2 which is the latest version as of now.

bakeery · ‎06-18-2025

Hi all, I’m using the Splunk Universal Forwarder on Windows to collect event logs. My inputs.conf includes the following configurations: [WinEventLog://Security] disabled = 0 index = win_log [WinEventLog://System] disabled = 0 index = win_log [WinEventLog://Application] disabled = 0 index = win_log [WinEventLog://Microsoft-Windows-Sysmon/Operational] disabled = 0 renderXml = true index = win_log The first three (Security, System, and Application) work perfectly and show readable, structured logs. However, when I run: index=win_log sourcetype=*sysmon* I get logs in unreadable binary or hex format like: \x00\x00**\x00\x00 \x00\x00@\x00\x00\x00\x00\x00\x00\xCE.... How can I fix this and get properly parsed Sysmon logs (with fields like CommandLine, ParentProcess, etc.)?

bakeery · ‎06-18-2025

I am facing the same issue, has anyone solved it?

Posts	4
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎06-18-2025

Online Status	Offline
Date Last Visited	‎06-19-2025 12:41 AM

Sysmon logs appear as binary/hex in Splunk how to ...

Re: Sysmon logs appear as binary/hex in Splunk how...

Re: Sysmon logs appear as binary/hex in Splunk how...

Sysmon logs appear as binary/hex in Splunk how to ...

Re: Changing server IP from 127.0.0.1 to 192.168.0...

Join the Conversation

Sysmon logs appear as binary/hex in Splunk how to ...

Re: Sysmon logs appear as binary/hex in Splunk how...

Re: Sysmon logs appear as binary/hex in Splunk how...

Sysmon logs appear as binary/hex in Splunk how to ...

Re: Changing server IP from 127.0.0.1 to 192.168.0...