Splunk Event Entries not showing Info


Splunk Event Entries not showing Info

j

Hi guys,

I was able to succesfully configure Supercharger Free with Splunk Free and Splunk App for Logbinder like mentioned here:
https://support.logbinder.com/SuperchargerKB/50135/8-Install-Supercharger-with-Splunk-Light-and-the-Splunk-App-for-LOGbinder

Dashboards are working, but when I click a event (doesn't matter which event id) it doesn't really show me info of the event:


Shouldn't it show the event like I can see it in the Supercharger-Destination-ADChanges-Log EventViewer with Info of the 4720 event like who created the user and so on? Does a filter need to be changed or something like that?

Furthermore one question: The collected events are NOT stored in the database right? It's just the file on the hard drive which has been configured with the Event Log in Supercharger WebUI? And Splunk get's info out of this file?

Thanks!

bjvista

juerchri - 10/26/2018
Hi guys,

I was able to succesfully configure Supercharger Free with Splunk Free and Splunk App for Logbinder like mentioned here:
https://support.logbinder.com/SuperchargerKB/50135/8-Install-Supercharger-with-Splunk-Light-and-the-Splunk-App-for-LOGbinder

Dashboards are working, but when I click a event (doesn't matter which event id) it doesn't really show me info of the event:


Shouldn't it show the event like I can see it in the Supercharger-Destination-ADChanges-Log EventViewer with Info of the 4720 event like who created the user and so on? Does a filter need to be changed or something like that?

Furthermore one question: The collected events are NOT stored in the database right? It's just the file on the hard drive which has been configured with the Event Log in Supercharger WebUI? And Splunk get's info out of this file?

Thanks!

Yeah that doesn't look correct.  Something must be configured incorrectly.  Here is how the event should look.  I'll get an answer about your event storage question from one of our splunk guys.




i

juerchri - 10/26/2018
Hi guys,

I was able to succesfully configure Supercharger Free with Splunk Free and Splunk App for Logbinder like mentioned here:
https://support.logbinder.com/SuperchargerKB/50135/8-Install-Supercharger-with-Splunk-Light-and-the-Splunk-App-for-LOGbinder

Dashboards are working, but when I click a event (doesn't matter which event id) it doesn't really show me info of the event:


Shouldn't it show the event like I can see it in the Supercharger-Destination-ADChanges-Log EventViewer with Info of the 4720 event like who created the user and so on? Does a filter need to be changed or something like that?

Furthermore one question: The collected events are NOT stored in the database right? It's just the file on the hard drive which has been configured with the Event Log in Supercharger WebUI? And Splunk get's info out of this file?

Thanks!


The app is configured to directly receive the following winevents:

[WinEventLog://Supercharger-Destination-ADChanges/Log]

once that is received by Splunk, then Splunk is storing it in its own database.  


j

Hi guys,

@bjvista: Much appreciated, thanks!
@imrago: Okay thank you, that answers my second question Smile

GO


Similar Topics


Reading This Topic


Login
Existing Account
Email Address:


Password:


Select a Forum....








LOGbinder Forum


Search