Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Universal Forwarder only sends monitored log file once per restart...

nabeel652
Builder
‎05-26-2015 04:27 AM

I have a universal forwarder installed on my Print Server (Windows 2012 R2). I used WinPrintMon but it is giving some funny results. However, I am able to pull out printer logs through pointing directly to the file c:\windows\system32\winevt\logs\microsoft-windows-printer%4operational. However, the forwarder only sends once the logs when restarted. After that it will not send any logs until restarted.

0 Karma
Reply

acharlieh
Influencer
‎05-26-2015 05:18 AM

Why are you using a monitor stanza instead of a WinEventLog stanza similar to: http://answers.splunk.com/answers/124859/unable-to-index-microsoft-windows-printservice-operational....

Reply

richgalloway
SplunkTrust
SplunkTrust
‎05-26-2015 04:52 AM

What are your inputs.conf settings?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

nabeel652
Builder
‎05-26-2015 05:38 AM

Thanks buddy, adding WinEventLog stanza solved my problem Cheers 🙂

0 Karma
Reply

nabeel652
Builder
‎05-26-2015 05:09 AM 
[monitor://c:\windows\system32\winevt\logs\Microsoft-Windows-PrintService%4Admin]
disabled=false
index=printmon

I've also tried with MonitorNoHandle but in that case the forwarder doesn't send data at all.

0 Karma
Reply
Get Updates on the Splunk Community!

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

Splunk New Course Releases for a Changing World

Every day, the world feels like it’s moving faster with new technological breakthroughs, AI innovation, and ...