Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

WinEventLog System

santiagn
Path Finder
‎06-23-2017 08:55 AM

hi question regarding the wineventlog system collection.

for some reason splunk is only displaying event code 7036. i have a 2004 code that i am trying to log and set an alert but it is not picking it up for some reason. i see that 7036 is an information type and 2004 is a warning. what can i do to get 2004 to log?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

santiagn
Path Finder
‎06-23-2017 10:08 AM

figured it out,

changed start_from from oldest to newest

and current_only from 0 to 1

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

santiagn
Path Finder
‎06-23-2017 10:08 AM

figured it out,

changed start_from from oldest to newest

and current_only from 0 to 1

0 Karma
Reply
Solved! Jump to solution

santiagn
Path Finder
‎06-23-2017 09:04 AM

update: im searching Last 30 days and its only logging today if that helps. 2004 event happened 10 days ago so i am not sure if the problem is that splunk is only logging todays events or if it can see any other events

0 Karma
Reply
Solved! Jump to solution

adonio
Ultra Champion
‎06-23-2017 09:34 AM

please share your inputs stanza for winevenlog system
supposed to be something like that:
[WinEventLog://System]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index = wineventlog
renderXml=false

0 Karma
Reply
Solved! Jump to solution

santiagn
Path Finder
‎06-23-2017 09:47 AM

i only had disabled = 0 and my index, updated to what you mentioned and still no luck, only showing todays logs.

[WinEventLog://System]
disabled = 0
index=main
start_from = oldest
current_only = 0
checkpointInterval = 5
renderXml=false

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...