About fliwei

fliwei · ‎06-11-2021

Did you try to route the logs through an intermediate forwarder with the latest windows TA installed? I would suggest that you check the compatibility of all the apps version. I’ m using Ver.8 splunk enterprise, universal forwarder and windows TA

fliwei · ‎03-04-2021

@scelikok I was looking around the splunk community and found someone who came up with this solution of using alwaysOpenFile. Unfortunately it didn't work. I've have since found the solution to my problem. I installed the latest Windows TA on my intermediate forwarders, and redirected my DHCP servers to send logs through them and to splunk cloud. Previously, the DHCP servers were sending logs out to splunk cloud directly through a cloud stack. Seems like a bit of "massaging" by the intermediate forwarder did the trick. Thanks.

fliwei · ‎03-03-2021

At the beginning of this month, the DHCP servers have stopped feeding logs into my splunk instance. Everyday at around 12AM local time, there will only be one log entry and it only shows the "Microsoft Windows DHCP Service Activity Log" header and the codes. There are extracted from the corresponding day's DHCP log file. but the DHCP logs that follows after that did not appear in the splunk instance. Here is the inputs.conf which is added into the DHCP servers (installed with UF) [monitor://$WINDIR\System32\DHCP] disabled = 0 whitelist = DhcpSrvLog* alwaysOpenFile = 1 crcSalt = <SOURCE> sourcetype = DhcpSrvLog index = windows

Posts	3
Solutions	1
Karma Given	0
Karma Received	0
Member Since	‎03-03-2021

Online Status	Offline
Date Last Visited	‎06-11-2021 10:24 AM

DHCP logs not appearing on splunk

Re: DHCP logs not appearing on splunk

Re: DHCP logs not appearing on splunk

DHCP logs not appearing on splunk