Solved: Can Splunk Cloud index .evtx Windows event logs if...

dshelikhov · ‎06-22-2015

Is it correct that Splunk Cloud cannot index .evtx Windows event logs in case I upload this directly?

dshelikhov · ‎06-24-2015

Looks like only forwarder can do this. Guys when you will install Windows Forwarder to import data in Splunk Cloud do not specify Splunk hostname in Forwarder Installer. Just install it with default settings.

Then download the Credentials file form your Splunk Cloud and configure Forwarder with this file.

View solution in original post

dshelikhov · ‎06-24-2015

Looks like only forwarder can do this. Guys when you will install Windows Forwarder to import data in Splunk Cloud do not specify Splunk hostname in Forwarder Installer. Just install it with default settings.

Then download the Credentials file form your Splunk Cloud and configure Forwarder with this file.

jimmpoul · ‎06-22-2015

I'm not aware of the .evtx file format, but with a forwarder, Splunk Cloud will index Windows events just like a regular Splunk Enterprise.

Can Splunk Cloud index .evtx Windows event logs if I upload this directly?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

New in Observability Cloud - Explicit Bucket Histograms