Hi all,
I usually onboard Windows Server 2008 and newer but 2003 it is not working with below Stanza
# Windows platform specific input processor. [WinEventLog://Application] disabled = 0 [WinEventLog://Security] disabled = 0 [WinEventLog://System] disabled = 0
is it possible to read the files like this?
[monitor://C:\WINDOWS\System32\config\AppEvent.Evt]
Best,
N.
Splunk doesn't support Win2003. Perhaps you can find a third-party tool that can export the event log into a form Splunk can ingest.