Getting Data In

Help with inputs.conf Stanza for the Azure AD MFA NPS Extension

arfee_splunker
Explorer

Hi all

Getting this message : 

ERROR ExecProcessor [3700 ExecProcessor] - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe"" splunk-winevtlog - WinEventMon::configure: Failed to find Event Log with channel name='Microsoft-AzureMfa-AuthZ/AuthZAdminCh'

I've tried numerous combinations in the stanza such as : 

WinEventLog://Microsoft-AzureMfa-AuthZ/AuthZAdminCh

WinEventLog://Microsoft-AzureMfa-AuthZ-AuthZAdminCh

WinEventLog://Microsoft/AzureMfa/AuthZ/AuthZAdminCh

The Windows Event Log chain for the AuthZAdminCh source is in the attachment.  Just not quite sure where I'm going wrong. 

Appreciate some advice.

 

Labels (3)
0 Karma
1 Solution

arfee_splunker
Explorer

Powershell (get-winevent -listlog *).logname revealed that the channel is simply called "AuthZAdminCh"

( despite hierarchical ordering under Microsoft-AzureMfa-AuthZ as presented in Event viewer )

The proven stanza  is as simple as : [WinEventLog://AuthZAdminCh

 

View solution in original post

0 Karma

arfee_splunker
Explorer

AuthZAdminCh.JPG

0 Karma

arfee_splunker
Explorer

Powershell (get-winevent -listlog *).logname revealed that the channel is simply called "AuthZAdminCh"

( despite hierarchical ordering under Microsoft-AzureMfa-AuthZ as presented in Event viewer )

The proven stanza  is as simple as : [WinEventLog://AuthZAdminCh

 

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...