Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

Is it possible to configure inputs.conf to forward events based on "Custom Views" in Microsoft Event Viewer?

merter
New Member
‎04-06-2016 11:51 AM

Hi Splunk Community,

Can one configure inputs.conf to forward events based on a "Custom Views" in Event Viewer?
Specifically, we are looking to forward the events Certification Authority events.
alt text

Thanks

0 Karma
Reply
Highlighted

Re: Is it possible to configure inputs.conf to forward events based on "Custom Views" in Microsoft Event Viewer?

javiergn
SplunkTrust
SplunkTrust
‎04-06-2016 12:23 PM

Take a look at my answer here (the nested one) in case that helps:

https://answers.splunk.com/answers/371126/is-it-possible-to-transport-data-from-a-windows-ev.html

In summary:

[WinEventLog://Path-To-Your-View]
disabled = 0
start_from = oldest
index = yourindexname

For example:

[WinEventLog://Microsoft-Windows-TaskScheduler/Operational]

Thanks,
J

0 Karma
Reply