All Apps and Add-ons

How to add Windows Services and Application logs in Splunk Cloud?

shilpijain
Explorer

How to watch Windows service and application logs like -Activedocs Opus?
Do we need to edit inputs.conf in Splunk Add-on for Microsoft Windows for that?
If yes, what are config changes?

0 Karma

xavierashe
Contributor

This is the code you need in your inputs.conf for applications logs.

[WinEventLog://Application]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index = wineventlog
renderXml=false

xavierashe
Contributor

Are you using a deployment server?

0 Karma

adonio
SplunkTrust
SplunkTrust

Hi shilpijain,
Yes, edit the Windows TA to collect application logs:
[WinEventLog://Application]
disabled = 1
start_from = oldest
current_only = 0
checkpointInterval = 5
index = wineventlog
renderXml=false
depends on the case, you will sometimes need to enable some auditing on windows server

0 Karma

xavierashe
Contributor

Close, but set disabled = 0.

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!