Getting Data In

Windows 2008 Server Event Viewer Logs

kbecker
Communicator

In the Server 2008 Event Viewer there are now "Microsoft --> Windows" folders nested under the "Applications and Services Logs" section. What should the Splunk inputs.conf look like for the event logs under the "Microsoft" --> "Windows" folder? Specifically I am looking for the "PrintService --> Operational", but if anybody has any of these other logs being indexed the base input should be the same.

%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-PrintService%4Operational.evtx

I tried the following with no success...

[WinEventLog:Microsoft:Windows:PrintService Operational]
[WinEventLog:PrintService Operational]

Thanks in advance...

1 Solution

kbecker
Communicator

This is the stanza required

[WinEventLog:Microsoft-Windows-PrintService/Operational]

Thanks to Ellen Hom with Splunk Support

patelpin
New Member

Are you using "Splunk Forwarder" on the target machine?

0 Karma

cervelli
Splunk Employee

The add data interface will list these out as well. Even if you intended to deploy to a forwarder, you can still create the stanza as a sample on one Splunk to make sure the syntax is correct.

0 Karma

AaronMoorcroft
Communicator

Don't worry, managed to get it working with this -

[WinEventLog:Microsoft-Windows-PrintService/Operational]
disabled = 0
start_from = oldest
current_only = 0

after some restarting of the forwarders 🙂

0 Karma

AaronMoorcroft
Communicator

So is that all you need to have in your inputs.conf file? Or do you need something somewhere else? I need to monitor that particular event log, however I'm getting nothing currently. I did merge that event log with the system event log, which did sort of work but not as I need it to.

0 Karma
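
The stanza name in the accepted answer is the event log channel name, which Windows stores on disk with `/` written as `%4` in the .evtx file name. As an added example (not code from the thread or from Splunk; the function names are hypothetical), this Python helper derives the stanza from the file path quoted in the question, using the settings from the working reply, and checks why the two attempted headers did not match:

```python
import ntpath
import re

# Path quoted in the question; settings from the working stanza in the thread.
PAGE_PATH = r"%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-PrintService%4Operational.evtx"
THREAD_SETTINGS = {"disabled": "0", "start_from": "oldest", "current_only": "0"}


def channel_from_evtx(path):
    """Map an .evtx file name to its event log channel name.

    '/' is not allowed in a Windows file name, so the channel
    'Provider/Log' is stored on disk as 'Provider%4Log.evtx'.
    """
    name = ntpath.basename(path)  # ntpath handles backslashes on any OS
    if not name.lower().endswith(".evtx"):
        raise ValueError(f"not an .evtx file: {path!r}")
    return name[: -len(".evtx")].replace("%4", "/")


def render_stanza(channel, settings=THREAD_SETTINGS):
    """Build the inputs.conf stanza text for one channel."""
    lines = [f"[WinEventLog:{channel}]"]
    lines += [f"{key} = {value}" for key, value in settings.items()]
    return "\n".join(lines)


def header_matches(header, evtx_paths):
    """True if a [WinEventLog:...] header names a channel found in evtx_paths.

    Exact string comparison: a deliberately strict check for this example.
    """
    m = re.fullmatch(r"\[WinEventLog:(.+)\]", header.strip())
    if m is None:
        return False
    return m.group(1) in {channel_from_evtx(p) for p in evtx_paths}


if __name__ == "__main__":
    print(render_stanza(channel_from_evtx(PAGE_PATH)))
    for attempt in ("[WinEventLog:Microsoft:Windows:PrintService Operational]",
                    "[WinEventLog:PrintService Operational]",
                    "[WinEventLog:Microsoft-Windows-PrintService/Operational]"):
        print(attempt, "->", "ok" if header_matches(attempt, [PAGE_PATH]) else "no such channel")
```
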