Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

Why is my Remote File & Directory input not automatically inputting data?

Callumfranks
Engager
โ€Ž08-29-2018 06:50 AM

I currently have a Remote File & Directory Data Input on the following log
'C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx'

If I disable and enable the Data Input, it will import the log data. If I then go and make events within the log, it does not automatically import in to Splunk. However, if i go back and disable and enable the Data Input, it will import the backlog of events perfectly. Is there any way to automate this?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
โ€Ž08-29-2018 08:33 AM

What are the inputs.conf settings for that file?

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Reply

Callumfranks
Engager
โ€Ž08-30-2018 02:53 AM

the inputs.conf is below:

[monitor://C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx]
disabled = 0
index = remotelog
0 Karma
Reply