Monitoring Splunk

Unable to monitor logs from Windows machine.

ppanchal
Path Finder

Hi,
I am struggling to monitor files from a Windows machine.

Below is my inputs.conf file:

[default]
index=maspat

[monitor://C:\MASPAT\Results]
sourcetype=mas
crcSalt=
ignoreolderThan=1d

Not sure why I see an unknown log like below getting logged instead of the actual files.

LogName=Application
SourceName=SecurityCenter
EventCode=15
EventType=4
Type=Information
ComputerName=AZP*******.wm.com
TaskCategory=The operation completed successfully.
OpCode=Info
RecordNumber=72097
Keywords=Classic
Message=Updated Symantec Endpoint Protection status successfully to SECURITY_PRODUCT_STATE_SNOOZED.

0 Karma

mstjohn_splunk
Splunk Employee

Hi @ppanchal,

Did @HiroshiSatoh solve your issue? If not, give us some more details to keep the post alive. That way, you have a greater chance of someone helping you solve your problem. Thanks!

0 Karma

HiroshiSatoh
Champion

There are various reasons why logs cannot be acquired.
In addition to mistakes in the settings, the search may also be wrong. Please check first by following the troubleshooting guide.

http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/Troubleshoottheinputprocess

By the way, are you using crcSalt correctly?

0 Karma
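A pre-deployment check for the kind of monitor stanza posted in the question, as an added example that is not part of the original thread and not Splunk's own tooling. It assumes Splunk's rule that setting names are case-sensitive, uses a hand-picked subset of `inputs.conf` setting names, and only lists items to review; `lint_inputs_conf` and `KNOWN` are hypothetical names.

```python
import re

# Subset of inputs.conf setting names valid in [monitor://] stanzas,
# hand-picked for this example. Assumption: names are case-sensitive.
KNOWN = ["index", "sourcetype", "source", "host", "disabled", "crcSalt",
         "ignoreOlderThan", "whitelist", "blacklist", "recursive", "followTail"]
BY_LOWER = {name.lower(): name for name in KNOWN}


def lint_inputs_conf(text):
    """Return (line_no, stanza, message) for each setting worth reviewing."""
    findings, stanza = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            stanza = header.group(1)
            continue
        if "=" not in line:
            findings.append((no, stanza, "not a 'key = value' line"))
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        canonical = BY_LOWER.get(key.lower())
        if canonical is None:
            findings.append((no, stanza, f"'{key}' is not in this example's list"))
        elif canonical != key:
            # Same letters, different case: treated as an unknown setting.
            findings.append((no, stanza, f"'{key}' should be spelled '{canonical}'"))
        if canonical == "crcSalt" and value == "":
            findings.append((no, stanza, "crcSalt has no value"))
    return findings


# The configuration exactly as posted in the question above.
SAMPLE = r"""[default]
index=maspat

[monitor://C:\MASPAT\Results]
sourcetype=mas
crcSalt=
ignoreolderThan=1d
"""

if __name__ == "__main__":
    for no, stanza, message in lint_inputs_conf(SAMPLE):
        print(f"line {no} [{stanza}]: {message}")
```
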