Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

Why is my Remote File & Directory input not automatically inputting data?

Callumfranks
Engager
‎08-29-2018 06:50 AM

I currently have a Remote File & Directory Data Input on the following log
'C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx'

If I disable and enable the Data Input, it will import the log data. If I then go and make events within the log, it does not automatically import in to Splunk. However, if i go back and disable and enable the Data Input, it will import the backlog of events perfectly. Is there any way to automate this?

0 Karma
Reply
Highlighted

Re: Why is my Remote File & Directory input not automatically inputting data?

richgalloway
SplunkTrust
SplunkTrust
‎08-29-2018 08:33 AM

What are the inputs.conf settings for that file?

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Reply
Highlighted

Re: Why is my Remote File & Directory input not automatically inputting data?

Callumfranks
Engager
‎08-30-2018 02:53 AM

the inputs.conf is below:

[monitor://C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx]
disabled = 0
index = remotelog
0 Karma
Reply