https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/599501#M208675 <P>The syntax for Windows event log stanza is:<BR /><BR />[WinEventLog://&lt;channel-name&gt;]</P> Thu, 26 May 2022 20:35:42 GMT wcolgate_splunk 2022-05-26T20:35:42Z https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/514138#M144303 <P>Trying to collect information from a sub folder in a Windows server event log. Specifically in the Applications and Services Logs/DFS Replication folder. So far it looks like I need to add some info to my local conf file, but unsure of the proper syntax. I believe it would be along these lines:</P> <P>[WinEventLog:"Application and Services Logs/DFSReplication"]<BR />disabled=0<BR />start from=oldest<BR />currentonly=0</P> <P>Can anyone point me to the proper doc to figure this out or offer a suggestion. Thanks in advance.</P> <P>&nbsp;</P> <P>&nbsp;</P> Thu, 26 May 2022 20:38:25 GMT https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/514138#M144303 ttiller 2022-05-26T20:38:25Z https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/514140#M144304 Have you tried removing the quotation marks from the stanza name? Fri, 14 Aug 2020 15:11:29 GMT https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/514140#M144304 richgalloway 2020-08-14T15:11:29Z https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/514144#M144306 <P>I have not. I was unsure if I was even on the right track and did not want to jump off the cliff without some assurances that I'm not going to screw something up. "Nothing ventured nothing gained" as they say. Will give it a go and let you know. Thanks</P> Fri, 14 Aug 2020 15:17:23 GMT https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/514144#M144306 ttiller 2020-08-14T15:17:23Z https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/517090#M145367 <P>The adjustment was&nbsp; made on the backend so now my search should be successful. Thank you for your suggestion.</P> Mon, 31 Aug 2020 18:45:07 GMT https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/517090#M145367 ttiller 2020-08-31T18:45:07Z https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/517121#M145382 <P>If your problem is resolved, then please click the "Accept as Solution" button to help future readers.</P> Mon, 31 Aug 2020 20:58:39 GMT https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/517121#M145382 richgalloway 2020-08-31T20:58:39Z https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/599501#M208675 <P>The syntax for Windows event log stanza is:<BR /><BR />[WinEventLog://&lt;channel-name&gt;]</P> Thu, 26 May 2022 20:35:42 GMT https://community.splunk.com/t5/Splunk-Search/WinEventLog-Appliction-and-Services-Logs-Does-anyone-have-a-doc/m-p/599501#M208675 wcolgate_splunk 2022-05-26T20:35:42Z