I currently have v8.5 of the Splunk_TA_Windows app, and the following stanza in inputs:
[WinEventLog://AD FS/Admin]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
renderXml=false
And it seems not to be working. I am also monitoring the Application, Security, and System logs, and they are showing up. I don't see anything in the logs. What am I doing wrong?