Hello Folks,
I am trying to set up Splunk App for Windows Infrastructure for easier dashboarding and management, however, despite days of research, I am still unable to fix/solve the problem regarding sourcetype.
So far, I have already installed Splunk Add-on for Microsoft Windows and I am able to receive various data already, to show a snippet of my inputs.conf at Splunk Add-on for Microsoft Windows:
```
###### Host monitoring ######
[WinHostMon://Computer]
interval = 600
disabled = 0
index = hostmonitoring
sourcetype=WinHostMon
type = Computer
[WinHostMon://Process]
interval = 600
disabled = 0
index = hostmonitoring
sourcetype=WinHostMon
type = Process
```
I have a lot more configuration but the concept should be clear that I followed the initial inputs.conf in the default and use only the portions which I require.
If I were to search for index=hostmonitoring I will be able to get data just fine, but I am unable to get any data when I search sourcetype=WinHostMon.
The concept is the same regarding the other sourcetypes, Perfmon, WinHostMon, WinPrintMon, and WinRegMon, for some odd reason, ONLY WinEventLogs were "searchable".
Upon researching deeper, even though I included sourcetype={my_input}, it seems like the props.conf requires a matching stanza if not it wouldn't work anyways. On the other hand, I have seen people saying that some app authors do not allow customization of sourcetype. I am truly puzzled by this and I have seen just a few similar queries online but a proper solution was never shared.
https://answers.splunk.com/answers/583743/how-to-enable-sourcetypewinregistry-for-windows-in.html
I am truly struggling with this and I hope someone can help me out!
Thank you very much for taking the time to read this long message!
