Solved: Re: Running Splunk Enterprise on Windows 2008 R2, ...

ceichhorn · ‎04-22-2015

I'm running Splunk Enterprise on a Windows 2008 R2 server and I'm looking to index the local security logs for the server in to splunk. I can't seem to figure out how to do this: can someone help me with that? I'm sure it's rather simple, I just can't find it. Thanks!

menonmanish · ‎04-22-2015

For Splunk 5, simply use the following in your inputs.conf
[WinEventLog:Security]
disabled = 0

For Splunk Latest release use
[WinEventLog://Security]
disabled = 0

Refer to http://docs.splunk.com/Documentation/Splunk/6.2.2/Data/MonitorWindowsdata for more details.

View solution in original post

menonmanish · ‎04-22-2015

For Splunk 5, simply use the following in your inputs.conf
[WinEventLog:Security]
disabled = 0

For Splunk Latest release use
[WinEventLog://Security]
disabled = 0

Refer to http://docs.splunk.com/Documentation/Splunk/6.2.2/Data/MonitorWindowsdata for more details.

ceichhorn · ‎04-22-2015

Thanks very much Meno, this got it.

Running Splunk Enterprise on Windows 2008 R2, how do I index local security logs?

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Join the Conversation

Running Splunk Enterprise on Windows 2008 R2, how do I index local security logs?

Data Management Digest – December 2025

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...