Is it even possible to configure Windows Event Logs through command line?
PS C:\Program Files\SplunkUniversalForwarder\bin> .\splunk.exe add monitor WinEventLog://Security
In handler 'monitor': Parameter name: Path does not exist.
C:\Windows\System32\Winevt\Logs\Security.evtx (but then I get charset problems) and I didn't find how to specify it when you add monitor (using command line only).
Please check the documentation below on how you can add the event logs for monitoring using Splunk.
The command that you are using is for adding normal log files for monitoring, not event logs.
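One way to enable the Security event log input from a command line, as an added example that is not part of the original thread or Splunk's own script: it appends a `[WinEventLog://Security]` stanza to the forwarder's local `inputs.conf` and restarts the forwarder. It assumes the install path shown in the question and an elevated PowerShell prompt; the `start_from` and `current_only` values are illustrative choices.

```powershell
# Added example: enable the Security event log input without the GUI.
# Assumes the default Universal Forwarder path from the question and an elevated prompt.
$SplunkHome = 'C:\Program Files\SplunkUniversalForwarder'
$InputsConf = Join-Path $SplunkHome 'etc\system\local\inputs.conf'
$SplunkExe  = Join-Path $SplunkHome 'bin\splunk.exe'
$Stanza     = '[WinEventLog://Security]'

# Create the local config file if it does not exist yet.
if (-not (Test-Path $InputsConf)) {
    New-Item -ItemType File -Path $InputsConf -Force | Out-Null
}

# Append the stanza only once so repeated runs stay idempotent.
if (-not (Select-String -Path $InputsConf -SimpleMatch $Stanza -Quiet)) {
    $lines = @(
        ''
        $Stanza
        'disabled = 0'
        'start_from = oldest'   # read existing events first, oldest to newest
        'current_only = 0'      # 0 = also collect events already in the log
    )
    # Write ASCII explicitly: PowerShell's Out-File defaults to UTF-16,
    # which the forwarder does not parse as a .conf file.
    Add-Content -Path $InputsConf -Value $lines -Encoding ASCII
}

# Restart so the forwarder picks up the new input.
& $SplunkExe restart

# Show the effective settings for the stanza and which file each came from.
& $SplunkExe cmd btool inputs list 'WinEventLog://Security' --debug
```

The `btool` output should list the stanza with `disabled = 0` sourced from `etc\system\local\inputs.conf`; if a deployment server manages this forwarder, place the stanza in a deployed app instead of `system\local`.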