tmontney
Builder
06-26-2017
11:05 AM
[WinEventLog://Microsoft-Windows-DNS Client Events/Operational]
disabled = 0
index = wineventlog
interval = 60
What's wrong with this? I get the error in my splunk forwarder.
06-26-2017 12:16:31.997 -0500 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe"" splunk-winevtlog - WinEventMon::configure: Failed to find Event Log with channel name='Microsoft-Windows-DNS Client Events/Operational'
I wrote the log name as shown in Event Viewer, and it is enabled.
1 Solution
tmontney
Builder
06-26-2017
11:30 AM
Determined the correct channel name is Microsoft-Windows-DNS-Client/Operational. You can find the correct name by selecting an event, going to the Details tab, and, under the Friendly radio button, expanding System, where you'll see Channel.
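
A way to catch this mismatch before the forwarder logs it, as an added example that is not part of the original thread: the PowerShell below reads every `[WinEventLog://...]` stanza from an inputs.conf, checks each name against the channels registered on the host, and suggests likely matches for any that do not exist. The default file path, the ignored-word list and the word-overlap ranking are assumptions of this example.

```powershell
# Added example, not from the original thread.
param(
    # Assumed location; pass the inputs.conf you actually edited.
    [string]$InputsConf = 'C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf'
)

# Channel names taken from each [WinEventLog://<channel>] stanza header.
$stanzas = Select-String -Path $InputsConf -Pattern '^\s*\[WinEventLog://(.+?)\]\s*$' |
    ForEach-Object { $_.Matches[0].Groups[1].Value }

# Real channel names registered on this host (what the forwarder must be given).
$registered = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue

# Words too common to help when ranking suggestions (assumption of this example).
$ignore = 'Microsoft', 'Windows', 'Operational', 'Events', 'Admin'

foreach ($name in $stanzas) {
    $log = $registered | Where-Object { $_.LogName -eq $name }
    if ($log) {
        # Channel exists; also report whether it is enabled.
        [pscustomobject]@{ Stanza = $name; Status = 'OK'; Enabled = $log.IsEnabled; Suggestions = '' }
        continue
    }

    # Channel not found: the stanza probably uses the Event Viewer display name.
    # Rank registered channels by how many distinctive words they share with it.
    $words = $name -split '[^A-Za-z0-9]+' |
        Where-Object { $_.Length -gt 2 -and $_ -notin $ignore }

    $ranked = $registered | ForEach-Object {
        $ln = $_.LogName
        $hits = @($words | Where-Object { $ln -like "*$_*" }).Count
        if ($hits -gt 0) { [pscustomobject]@{ LogName = $ln; Hits = $hits } }
    } | Sort-Object Hits -Descending | Select-Object -First 5

    [pscustomobject]@{
        Stanza      = $name
        Status      = 'NOT FOUND'
        Enabled     = $null
        Suggestions = ($ranked.LogName -join '; ')
    }
}
```

Run it on the host where the forwarder is installed, since the set of registered channels differs between machines.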