https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223943#M43838 <P>Hi, as per the screenshot the path looks correct to me.<BR /> Hopefully that should be working just fine.</P> <P>If you are happy with the resolution of this issue please do not forget to mark it as answered so that it can be closed.</P> <P>Thanks,<BR /> J</P> Fri, 30 Sep 2016 09:11:52 GMT javiergn 2016-09-30T09:11:52Z https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223938#M43833 <P>Hi ,<BR /> Below is custom event logs which I am configuring on windows forwarder but they are not showing up in Splunk. We can see events coming from default events like system,security etc. Below is syntax I am using</P> <P>[WinEventLog://Citirix Delivery Services]<BR /> disabled = 0<BR /> start_from = oldest<BR /> current_only = 1<BR /> checkpointInterval = 5<BR /> index = wineventlog</P> <P><IMG src="https://community.splunk.com/storage/temp/162188-picture1.png" alt="alt text" /></P> <P>Attached screenshot shows location of event logs</P> Tue, 29 Sep 2020 11:13:40 GMT https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223938#M43833 yanivdutt 2020-09-29T11:13:40Z https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223939#M43834 <P>Hi,</P> <P>Just some comments to that:</P> <UL> <LI>Isn't the name in your config file wrong? Shouldn't it be "Citrix Delivery Services" instead of "Citirix Delivery Services]" (notice the extra i)</LI> <LI>I can't see your screenshot very well but there seems to be two blank spaces between Delivery and Services, is that the case?</LI> <LI>Also, is "Citrix Delivery Services" the full path of your event log?</LI> <LI>Finally, have you tried reading from any other log in the same folder such as "Internet Explorer" and see if that works?</LI> </UL> <P>Thanks,<BR /> J</P> Wed, 28 Sep 2016 08:23:44 GMT https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223939#M43834 javiergn 2016-09-28T08:23:44Z https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223940#M43835 <P>Thanks for replying. It was typo in post. Was using correct syntax in my use case</P> <P>[WinEventLog://Citrix Delivery Services]<BR /> disabled = 0<BR /> start_from = oldest<BR /> current_only = 1<BR /> checkpointInterval = 5<BR /> index = wineventlog</P> Tue, 29 Sep 2020 11:10:40 GMT https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223940#M43835 yanivdutt 2020-09-29T11:10:40Z https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223941#M43836 <P>What about the other 3 points I mentioned above?<BR /> Did you manage to try any of that?</P> <P>Regards,<BR /> J</P> Wed, 28 Sep 2016 08:49:20 GMT https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223941#M43836 javiergn 2016-09-28T08:49:20Z https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223942#M43837 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/113132">@javiergn</a> <BR /> Yes Citrix delivery services is complete folder. Somehow i started seeing data after windows server reboot. Now I am adding couple more customized . Below is events I want to see and screenshot. Is path mentioned correct ? This event is underneath other events from events view, but exist in same folder structure</P> <P>[WinEventLog://Citrix-CDF_ErrorReporter/Admin]<BR /> disabled = 0<BR /> start_from = oldest<BR /> current_only = 1<BR /> checkpointInterval = 5<BR /> index = wineventlog</P> <P><IMG src="https://community.splunk.com/storage/temp/162191-picture1.png" alt="alt text" /></P> Tue, 29 Sep 2020 11:11:58 GMT https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223942#M43837 yanivdutt 2020-09-29T11:11:58Z https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223943#M43838 <P>Hi, as per the screenshot the path looks correct to me.<BR /> Hopefully that should be working just fine.</P> <P>If you are happy with the resolution of this issue please do not forget to mark it as answered so that it can be closed.</P> <P>Thanks,<BR /> J</P> Fri, 30 Sep 2016 09:11:52 GMT https://community.splunk.com/t5/Getting-Data-In/Windows-custom-events-logs-not-showing-up-in-Splunk/m-p/223943#M43838 javiergn 2016-09-30T09:11:52Z