https://community.splunk.com/t5/Getting-Data-In/Whitelist-Services-How/m-p/313011#M58649 <P>You can find how to monitor WinHostMon at <A href="http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWindowshostinformation">http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWindowshostinformation</A></P> <P>See type attribute to set which service to monitor.</P> <P>Example:</P> <PRE><CODE># Queries computer information. [WinHostMon://computer] type = Computer interval = 300 # Queries OS information. # 'interval' set to a negative number tells Splunk Enterprise to # run the input once only. [WinHostMon://os] type = operatingSystem interval = -1 </CODE></PRE> <P>For WMI please check <A href="http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/MonitorWindowseventlogdata">http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/MonitorWindowseventlogdata</A>.</P> <P>Example: </P> <PRE><CODE>[WMI:AppAndSys] server = foo, bar interval = 10 event_log_file = Application, System, Directory Service disabled = 0 </CODE></PRE> Tue, 28 Nov 2017 11:36:54 GMT damien_chillet 2017-11-28T11:36:54Z https://community.splunk.com/t5/Getting-Data-In/Whitelist-Services-How/m-p/313010#M58648 <P>How do you whitelist services you wish to monitor and not forward redundant ones to the Splunk Server....</P> <P>I've done before on WinEventLog but however not sure how to use WinHostMon or WMI to whitelist, will apperciate if someone has working configuration that whitelist/blacklist services</P> Tue, 28 Nov 2017 06:32:28 GMT https://community.splunk.com/t5/Getting-Data-In/Whitelist-Services-How/m-p/313010#M58648 Kitteh 2017-11-28T06:32:28Z https://community.splunk.com/t5/Getting-Data-In/Whitelist-Services-How/m-p/313011#M58649 <P>You can find how to monitor WinHostMon at <A href="http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWindowshostinformation">http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWindowshostinformation</A></P> <P>See type attribute to set which service to monitor.</P> <P>Example:</P> <PRE><CODE># Queries computer information. [WinHostMon://computer] type = Computer interval = 300 # Queries OS information. # 'interval' set to a negative number tells Splunk Enterprise to # run the input once only. [WinHostMon://os] type = operatingSystem interval = -1 </CODE></PRE> <P>For WMI please check <A href="http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/MonitorWindowseventlogdata">http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/MonitorWindowseventlogdata</A>.</P> <P>Example: </P> <PRE><CODE>[WMI:AppAndSys] server = foo, bar interval = 10 event_log_file = Application, System, Directory Service disabled = 0 </CODE></PRE> Tue, 28 Nov 2017 11:36:54 GMT https://community.splunk.com/t5/Getting-Data-In/Whitelist-Services-How/m-p/313011#M58649 damien_chillet 2017-11-28T11:36:54Z