"When the installer prompts you to specify inputs, enable the event log inputs by checking the "Event logs" checkbox."
- I also pushed inputs.conf for eventlog collection via deployment server with the below stanza.
[WinEventLog://Application]
disabled=0
[WinEventLog://Security]
disabled=0
[WinEventLog://System]
disabled=0
Eventlog data is not getting collected. Also there is no output for the host on the Search Head.
1) I noticed this error in the splunkd.log on the windows forwarder and I'm not aware of this error, also couldn't find much info on Splunk docs / splunk answers. All I did was installing the forwarder on the host. I never set up any cron for the splunk exe process and Im unable to figure out this error.
Could someone please guide:
08-01-2017 06:26:04.223 -0400 ERROR ExecProcessor - message from ""E:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"" splunk-powershell - Powershell::InitPowershell: Stanza get-networklatency. Invalid cron schedule: 0*/5***?
2) Also Am I missing out an any steps for configuring the windows forwarder Eventlog collection?
