×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
tsocyberoperati
Loves-to-Learn Lots
Member since: ‎01-06-2020
‎07-21-2025
Community Statistics
Posts 5
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-06-2020
Activity Feed
View All

Re: UFW Access to WinEventLogs

by in Deployment Architecture
‎07-21-2025 12:18 PM
‎07-21-2025 12:18 PM
Hello Your questions are answered in the original post. Thank you ... View more

Re: UFW Access to WinEventLogs

by in Deployment Architecture
‎07-21-2025 08:40 AM
‎07-21-2025 08:40 AM
This is a new installation. So, no, no Windows Security events onboarded in the past. Thank you. ... View more

UFW Access to WinEventLogs

by in Deployment Architecture
‎07-21-2025 08:05 AM
‎07-21-2025 08:05 AM
Hello All, We have a Splunk Universal Forwarder 9.4.0 (then 9.4.3) installed on a Windows 2022 box to which we don't have direct access. We have deployed some apps and the forwarder manages to send us its splunkd.log and some other monitor inputs but we are not able to get the WinEvents (Applications/System/Security) using the specific stanzas.  The host is more hardened that usual,  but the Admins managed to configure what they believe are the EventLog permissions, to no avail. Something like this, never happened to us. We tried updating the agent version and configuring the installation both with LOCAL System permissions and Virtual Account permissions, but still no success. We don't see any relevant internal info regarding some problem with Permissions or EventLog access.  - is there any event we should look for on Windows Logs or UFW logs to undertand this problem? - Is there anything we can activate in the UFW to get more info about this limitation?  Thank you ... View more
Labels

Re: Syslog Forwarding Filtering

by in Getting Data In
‎09-25-2024 02:18 AM
‎09-25-2024 02:18 AM
Thank you Giuseppe. But the problem is related to filtering just one of the sources of that host. If you place a REGEX that is able to catch only the events of that specific source, you're good to go. But imagine you don't have a REGEX that can catch all the events of that source. how can you filter?   ... View more

Syslog Forwarding Filtering

by in Getting Data In
‎09-24-2024 11:24 AM
‎09-24-2024 11:24 AM
Hello, Imagine you have hundreds of Windows Universal Forwarders each sending three sources to your "Heavy Forwarders" then forwarded to the Indexers. Imagine you want to send just one of the sources, source A, of one of those Universal Forwarders, host A, via Syslog to a 3rd Party.   Is there an "elegant way" of filtering just that specific source of that specific host to be sent via syslog on the "Heavy Forwarders"/Indexers? Thank you ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-21-2025 07:43 AM