Closed joshnguyen08 closed 2 weeks ago
Additionally, go to Splunk and set up:
Go back to the Splunk server > Settings > "Add data" > "Forward"
If you've done this step right, you should see the Windows DC host under "Available hosts"
Click that and hit Next
If you hit Next and you do not see "Local Event Logs" as an option to select as the source, then you need to go to Settings > "Data inputs" > go down to Forwarded inputs > select "Windows Event Logs" and continue from there
Next step, select "wineventlog" as the index
Finished
Here's how we got it onto the Windows DC, follow similar steps:
Receiving Windows Event Logs
Go download "Splunk Universal Forwarder" from the Splunk website on your Windows 2022 DC server
Deployment server is an optional step, but go ahead and do it anyway; set the port to the default 8089
Setting up the receiving indexer is next, make sure this is set to port 9997, which is where we will send our Windows event logs to Splunk:
Click Install to install the Splunk Universal Forwarder
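The same setup done without the installer wizard, as an added example (this is not the original poster's procedure, just the unattended equivalent of the steps above). It is a PowerShell script run in an elevated shell on the DC. Everything in it is an assumption for a lab: the MSI path `C:\Temp\splunkforwarder-x64-release.msi`, the Splunk server name `splunk.lab.local`, the app folder name `dc_wineventlog`, and the placeholder admin password; the `wineventlog` index is assumed to already exist on the indexer, since the forwarder cannot create it. The `DEPLOYMENT_SERVER` property is what makes the DC show up under "Available hosts" in the Add data > Forward wizard, and `inputs.conf` does what the "Local Event Logs" and index selection pages do.

```powershell
# Added example (not from the original issue). Run as Administrator on the
# Windows Server 2022 DC. All values below are assumed lab values; change them.
$Msi            = 'C:\Temp\splunkforwarder-x64-release.msi'   # assumed download path
$SplunkServer   = 'splunk.lab.local'                          # assumed indexer host
$ReceiverPort   = 9997        # receiving indexer port from the steps above
$DeploymentPort = 8089        # deployment server (management) port from the steps above
$SplunkHome     = 'C:\Program Files\SplunkUniversalForwarder'
$AdminUser      = 'admin'
$AdminPassword  = 'ChangeMe-Lab-Only!'   # placeholder; the silent installer requires one

# 1. Prove the DC can reach the indexer on 9997 before installing. A forwarder
#    that cannot connect installs fine and just queues events, which looks like
#    "nothing arrives in Splunk" with no obvious error.
$reach = Test-NetConnection -ComputerName $SplunkServer -Port $ReceiverPort
if (-not $reach.TcpTestSucceeded) {
    throw "Cannot reach ${SplunkServer}:${ReceiverPort}; check the receiving port on the indexer and the firewall."
}

# 2. Silent install. RECEIVING_INDEXER and DEPLOYMENT_SERVER are the MSI
#    properties behind the two wizard pages described above.
$msiArgs = @(
    '/i', "`"$Msi`"",
    "RECEIVING_INDEXER=`"${SplunkServer}:${ReceiverPort}`"",
    "DEPLOYMENT_SERVER=`"${SplunkServer}:${DeploymentPort}`"",
    "SPLUNKUSERNAME=$AdminUser",
    "SPLUNKPASSWORD=$AdminPassword",
    'AGREETOLICENSE=Yes',
    '/quiet', '/norestart'
)
$p = Start-Process -FilePath msiexec.exe -ArgumentList $msiArgs -Wait -PassThru
if ($p.ExitCode -ne 0) { throw "msiexec failed with exit code $($p.ExitCode)" }

# 3. Select the local event logs and send them to the 'wineventlog' index.
#    Placed in its own app's local/ folder (assumed name dc_wineventlog) so a
#    deployment server can later replace it without touching system/local.
$appLocal = Join-Path $SplunkHome 'etc\apps\dc_wineventlog\local'
New-Item -ItemType Directory -Path $appLocal -Force | Out-Null
@'
[WinEventLog://Security]
disabled = 0
index = wineventlog

[WinEventLog://System]
disabled = 0
index = wineventlog

[WinEventLog://Application]
disabled = 0
index = wineventlog
'@ | Set-Content -Path (Join-Path $appLocal 'inputs.conf') -Encoding ASCII

# 4. Restart so the new inputs.conf is read, then confirm the TCP output
#    actually connected. splunkd.log records a "Connected to idx=host:9997"
#    line when the forwarder reaches the receiving indexer.
Restart-Service -Name SplunkForwarder
Start-Sleep -Seconds 20
$log = Join-Path $SplunkHome 'var\log\splunk\splunkd.log'
$connected = Select-String -Path $log -Pattern "Connected to idx=${SplunkServer}" -Quiet
if ($connected) {
    Write-Host "Forwarder is connected to ${SplunkServer}:${ReceiverPort}; search index=wineventlog on the server."
} else {
    Write-Warning "No 'Connected to idx=' entry yet; check $log and the indexer's receiving configuration."
}
```

Two caveats a lab guide usually skips: port 9997 carries the Security log in plaintext unless SSL is configured on the forwarder's outputs and the indexer's receiving port, so treat the path between the DC and the Splunk server as sensitive; and if the `wineventlog` index does not exist on the indexer, the events are dropped with only an indexer-side error, so create the index before checking for data.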