Is it even possible to configure Windows Event Logs through command line?
PS C:\Program Files\SplunkUniversalForwarder\bin> .\splunk.exe add monitor WinEventLog://Security
In handler 'monitor': Parameter name: Path does not exist.
Also tried:
C:\Windows\System32\Winevt\Logs\Security.evtx (but then I get charset problems) and I didn't find how to specify it when you add monitor (using command line only).
Hi ,
Please check the documentation below on how you can add the event logs for monitoring using Splunk.
http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWindowseventlogdata
The command that you are using is to add normal log files for monitoring and not for event logs.
Regards,
Badri
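
The documentation linked in the answer configures Windows event logs as `WinEventLog://` input stanzas in inputs.conf rather than as file monitors. The following is an added example, not part of the thread or of Splunk's own material: a PowerShell sketch that enables the Security channel from the command line only. It assumes the install path shown in the question's prompt and that the input belongs in the forwarder's `etc\system\local\inputs.conf`.

```powershell
# Added example. Install path is taken from the prompt in the question;
# etc\system\local is assumed to be where this forwarder's local inputs live.
$SplunkHome = 'C:\Program Files\SplunkUniversalForwarder'
$SplunkExe  = Join-Path $SplunkHome 'bin\splunk.exe'
$LocalDir   = Join-Path $SplunkHome 'etc\system\local'
$InputsConf = Join-Path $LocalDir 'inputs.conf'
$Stanza     = '[WinEventLog://Security]'

# Create the local directory and an empty inputs.conf if they do not exist yet.
if (-not (Test-Path $LocalDir))   { New-Item -ItemType Directory -Path $LocalDir   | Out-Null }
if (-not (Test-Path $InputsConf)) { New-Item -ItemType File      -Path $InputsConf | Out-Null }

# Idempotent: append the stanza only when its header is not already in the file,
# so repeated runs do not create duplicate stanzas.
$present = Select-String -Path $InputsConf -SimpleMatch $Stanza -Quiet
if (-not $present) {
    # Write as ASCII. Out-File / ">" in Windows PowerShell default to UTF-16,
    # which the .conf parser does not read as plain text.
    $lines = @('', $Stanza, 'disabled = 0')
    Add-Content -Path $InputsConf -Value $lines -Encoding ASCII
}

# Restart so the forwarder picks up the new input.
& $SplunkExe restart

# Show the merged configuration and which file each WinEventLog setting comes from.
& $SplunkExe btool inputs list --debug | Select-String 'WinEventLog'
```

Run it from an elevated prompt, since both the install directory and the service restart require administrative rights. If the btool output shows the same stanza coming from another app's inputs.conf, that copy may override or duplicate the one written here.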