Hi,
Below are the custom event logs which I am configuring on a Windows forwarder, but they are not showing up in Splunk. We can see events coming from default events like System, Security, etc. Below is the syntax I am using:
[WinEventLog://Citirix Delivery Services]
disabled = 0
start_from = oldest
current_only = 1
checkpointInterval = 5
index = wineventlog
The attached screenshot shows the location of the event logs.
Hi,
Just some comments to that:
Thanks,
J
@javiergn
Yes, Citrix Delivery Services is the complete folder. Somehow I started seeing data after a Windows server reboot. Now I am adding a couple more customized. Below are the events I want to see and a screenshot. Is the path mentioned correct? This event is underneath other events in the event view, but exists in the same folder structure.
[WinEventLog://Citrix-CDF_ErrorReporter/Admin]
disabled = 0
start_from = oldest
current_only = 1
checkpointInterval = 5
index = wineventlog
Hi, as per the screenshot the path looks correct to me.
Hopefully that should be working just fine.
If you are happy with the resolution of this issue please do not forget to mark it as answered so that it can be closed.
Thanks,
J
Thanks for replying. It was a typo in the post. I was using the correct syntax in my use case:
[WinEventLog://Citrix Delivery Services]
disabled = 0
start_from = oldest
current_only = 1
checkpointInterval = 5
index = wineventlog
What about the other 3 points I mentioned above?
Did you manage to try any of that?
Regards,
J
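
The thread turns on whether the name after WinEventLog:// matches the channel name on the forwarder. The following is an added example, not part of the original posts and not Splunk code: it compares enabled stanzas against a channel list and suggests the closest name on a mismatch. The channel list and the inputs.conf text are constructed samples (on a real host the list would come from `wevtutil el`), and `check_stanzas` is a hypothetical helper.

```python
import configparser
import difflib

# Constructed sample: channel names as `wevtutil el` would list them.
# The two Citrix names are taken from the thread; the rest are standard logs.
CHANNELS = [
    "Application", "Security", "System",
    "Citrix Delivery Services",
    "Citrix-CDF_ErrorReporter/Admin",
]

# Constructed inputs.conf using the stanza names posted in the thread.
INPUTS_CONF = """
[WinEventLog://Citirix Delivery Services]
disabled = 0
index = wineventlog

[WinEventLog://Citrix-CDF_ErrorReporter/Admin]
disabled = 0
index = wineventlog

[WinEventLog://Security]
disabled = 1
"""

PREFIX = "WinEventLog://"

def check_stanzas(conf_text, channels):
    """Return {stanza channel: (status, suggestion)} for enabled WinEventLog inputs."""
    parser = configparser.RawConfigParser(strict=False)
    parser.optionxform = str  # keep key case as written
    parser.read_string(conf_text)
    report = {}
    for section in parser.sections():
        if not section.startswith(PREFIX):
            continue  # not an event log input
        if parser.get(section, "disabled", fallback="0").strip() in ("1", "true"):
            continue  # disabled inputs cannot explain missing events
        name = section[len(PREFIX):]
        if name in channels:  # exact comparison against the channel list
            report[name] = ("ok", name)
        else:
            close = difflib.get_close_matches(name, channels, n=1, cutoff=0.8)
            report[name] = ("missing", close[0] if close else None)
    return report

if __name__ == "__main__":
    for name, (status, hint) in check_stanzas(INPUTS_CONF, CHANNELS).items():
        print(f"{status:8} {name!r} -> {hint!r}")
```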