How to watch Windows service and application logs like -Activedocs Opus?
Do we need to edit inputs.conf in Splunk Add-on for Microsoft Windows for that?
If yes, what are config changes?
This is the code you need in your inputs.conf for applications logs.
[WinEventLog://Application]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index = wineventlog
renderXml=false
Are you using a deployment server?
Hi shilpijain,
Yes, edit the Windows TA to collect application logs:
[WinEventLog://Application]
disabled = 1
start_from = oldest
current_only = 0
checkpointInterval = 5
index = wineventlog
renderXml=false
depends on the case, you will sometimes need to enable some auditing on windows server
Close, but set disabled = 0.