<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Translate GUID in Windows Event Log? in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Translate-GUID-in-Windows-Event-Log/m-p/104024#M21897</link>
    <description>&lt;P&gt;Does this work for "remote pulled" event logs as well?   I've put the following in inputs.conf but it does not seem to be doing lookups.&lt;/P&gt;

&lt;P&gt;[default]
evt_dc_name =
evt_dns_name =&lt;/P&gt;

&lt;P&gt;[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0
index = eventlog_filtering_test
evt_resolve_ad_obj = 1      # resolved GUIDs and SIDs in the event data&lt;/P&gt;</description>
    <pubDate>Fri, 08 Apr 2011 21:04:43 GMT</pubDate>
    <dc:creator>hughkelley</dc:creator>
    <dc:date>2011-04-08T21:04:43Z</dc:date>
    <item>
      <title>Translate GUID in Windows Event Log?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Translate-GUID-in-Windows-Event-Log/m-p/104021#M21894</link>
      <description>&lt;P&gt;How would I configure Splunk to index WindowsEventLog events with the GUIDs translated to their corresponding objects?&lt;/P&gt;</description>
      <pubDate>Tue, 14 Dec 2010 02:38:52 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Translate-GUID-in-Windows-Event-Log/m-p/104021#M21894</guid>
      <dc:creator>muebel</dc:creator>
      <dc:date>2010-12-14T02:38:52Z</dc:date>
    </item>
    <item>
      <title>Re: Translate GUID in Windows Event Log?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Translate-GUID-in-Windows-Event-Log/m-p/104022#M21895</link>
      <description>&lt;P&gt;Doc searching turned up the answer (I think):&lt;/P&gt;

&lt;P&gt;&lt;A href="http://www.splunk.com/base/Documentation/4.1.5/Admin/Inputsconf" rel="nofollow"&gt;http://www.splunk.com/base/Documentation/4.1.5/Admin/Inputsconf&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;evt_resolve_ad_obj =  1|0  Enables/disables resolving Active Directory objects like
GUID/SID objects for a specific Windows event log channel.  By default this option
is turned on for Security event logs.  Optionally you can specify the Domain Controller
name and/or DNS name of the domain to bind to, which Splunk will then use to resolve the
AD objects.&lt;/P&gt;</description>
      <pubDate>Tue, 14 Dec 2010 03:03:41 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Translate-GUID-in-Windows-Event-Log/m-p/104022#M21895</guid>
      <dc:creator>muebel</dc:creator>
      <dc:date>2010-12-14T03:03:41Z</dc:date>
    </item>
    <item>
      <title>Re: Translate GUID in Windows Event Log?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Translate-GUID-in-Windows-Event-Log/m-p/104023#M21896</link>
      <description>&lt;P&gt;Hey muebel, did that solve your problem? If so please accept the answer as correct to close this question out. Thanks dude!&lt;/P&gt;</description>
      <pubDate>Tue, 08 Feb 2011 05:27:02 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Translate-GUID-in-Windows-Event-Log/m-p/104023#M21896</guid>
      <dc:creator>ftk</dc:creator>
      <dc:date>2011-02-08T05:27:02Z</dc:date>
    </item>
    <item>
      <title>Re: Translate GUID in Windows Event Log?</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Translate-GUID-in-Windows-Event-Log/m-p/104024#M21897</link>
      <description>&lt;P&gt;Does this work for "remote pulled" event logs as well?   I've put the following in inputs.conf but it does not seem to be doing lookups.&lt;/P&gt;

&lt;P&gt;[default]
evt_dc_name =
evt_dns_name =&lt;/P&gt;

&lt;P&gt;[script://$SPLUNK_HOME\bin\scripts\splunk-wmi.path]
disabled = 0
index = eventlog_filtering_test
evt_resolve_ad_obj = 1      # resolved GUIDs and SIDs in the event data&lt;/P&gt;</description>
      <pubDate>Fri, 08 Apr 2011 21:04:43 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Translate-GUID-in-Windows-Event-Log/m-p/104024#M21897</guid>
      <dc:creator>hughkelley</dc:creator>
      <dc:date>2011-04-08T21:04:43Z</dc:date>
    </item>
  </channel>
</rss>

