https://community.splunk.com/t5/Getting-Data-In/How-do-I-index-only-my-application-data-from-windows-event-logs/m-p/391170#M94136 <P>hi @madhufuture,</P> <P>Did either of the answers below solve your problem? If so, please resolve this post by approving one of them. <BR /> If your problem is still not solved, keep us updated so that someone else can help ya.</P> <P>Thanks for posting!</P> Wed, 26 Sep 2018 00:11:07 GMT mstjohn_splunk 2018-09-26T00:11:07Z https://community.splunk.com/t5/Getting-Data-In/How-do-I-index-only-my-application-data-from-windows-event-logs/m-p/391167#M94133 <P>Hi,</P> <P>I have an application <STRONG>ABC</STRONG>. From application <STRONG>ABC</STRONG> , I'm writing my logs to Windows <EM>Application</EM> Event logs. I want to index only my ABC application logs, not complete my windows event logs.</P> <P>Could you please help me figure out how I can index specific application event logs?</P> Mon, 24 Sep 2018 23:45:49 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-I-index-only-my-application-data-from-windows-event-logs/m-p/391167#M94133 madhufuture 2018-09-24T23:45:49Z https://community.splunk.com/t5/Getting-Data-In/How-do-I-index-only-my-application-data-from-windows-event-logs/m-p/391168#M94134 <P>You can filter by setting a unique event ID in the application log.</P> <P>inputs.conf:　whitelist<BR /> Whether to index events that match the specified text string. This attribute is optional.<BR /> You can specify one of two formats:</P> <P>One or more Event Log event codes or event IDs (Event Code/ID format.)<BR /> One or more sets of keys and regular expressions (Advanced filtering format.)</P> Tue, 25 Sep 2018 04:20:04 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-I-index-only-my-application-data-from-windows-event-logs/m-p/391168#M94134 HiroshiSatoh 2018-09-25T04:20:04Z https://community.splunk.com/t5/Getting-Data-In/How-do-I-index-only-my-application-data-from-windows-event-logs/m-p/391169#M94135 <P>Basically, when you are writing out your application logs, you need to mark them in some way so that they can be easily identified. </P> <P>Then, you blacklist all incoming events, and whitelist only those that match your application logs.</P> Tue, 25 Sep 2018 14:27:12 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-I-index-only-my-application-data-from-windows-event-logs/m-p/391169#M94135 DalJeanis 2018-09-25T14:27:12Z https://community.splunk.com/t5/Getting-Data-In/How-do-I-index-only-my-application-data-from-windows-event-logs/m-p/391170#M94136 <P>hi @madhufuture,</P> <P>Did either of the answers below solve your problem? If so, please resolve this post by approving one of them. <BR /> If your problem is still not solved, keep us updated so that someone else can help ya.</P> <P>Thanks for posting!</P> Wed, 26 Sep 2018 00:11:07 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-I-index-only-my-application-data-from-windows-event-logs/m-p/391170#M94136 mstjohn_splunk 2018-09-26T00:11:07Z https://community.splunk.com/t5/Getting-Data-In/How-do-I-index-only-my-application-data-from-windows-event-logs/m-p/391171#M94137 <P>Perfect!! Thanks for your help</P> Wed, 26 Sep 2018 22:38:55 GMT https://community.splunk.com/t5/Getting-Data-In/How-do-I-index-only-my-application-data-from-windows-event-logs/m-p/391171#M94137 madhufuture 2018-09-26T22:38:55Z