Unable to monitor logs from a Windows machine.

ppanchal
Path Finder

Hi,
I am struggling to monitor files from a Windows machine.

Below is my inputs.conf file:

[default]
index=maspat

[monitor://C:\MASPAT\Results]
sourcetype=mas
crcSalt=
ignoreolderThan=1d

Not sure why I see an unknown log like below getting logged instead of the actual files.

LogName=Application
SourceName=SecurityCenter
EventCode=15
EventType=4
Type=Information
ComputerName=AZP*******.wm.com
TaskCategory=The operation completed successfully.
OpCode=Info
RecordNumber=72097
Keywords=Classic
Message=Updated Symantec Endpoint Protection status successfully to SECURITY_PRODUCT_STATE_SNOOZED.

0 Karma

mstjohn_splunk
Splunk Employee

hi @ppanchal,

Did @HiroshiSatoh solve your issue? If not, give us some more details to keep the post alive. That way, you have a greater chance of someone helping you solve your problem. Thanks!

0 Karma

HiroshiSatoh
Champion

There are various reasons why logs cannot be acquired.
In addition to configuration mistakes, the search may also be wrong. Please check first according to the troubleshooting documentation:

http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/Troubleshoottheinputprocess

By the way, are you using crcSalt correctly?

0 Karma
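Added example, not part of this thread or of Splunk's own tooling: a small linter for the inputs.conf shown in the question, covering the crcSalt point HiroshiSatoh raises as well. It parses the stanzas with a hand-written reader (Splunk setting names are case-sensitive, so the reader keeps key case) and reports three things a reviewer would want to catch before the file reaches a forwarder: an index set in [default], which applies to every input stanza that does not set its own index and so can pull Windows Event Log events from other apps into that index (a data-segregation problem when index-level access control is in use); a monitor setting whose case does not match the documented name (ignoreolderThan vs ignoreOlderThan); and an empty crcSalt, which adds nothing to the CRC. The sample config is a constructed copy of the poster's stanzas, and MONITOR_KEYS is my own subset of the documented monitor settings.

```python
"""Lint a Splunk inputs.conf for the mistakes visible in the question.

Added example, not Splunk code. The key list and rules are assumptions about
what is worth checking before a config is deployed to a forwarder.
"""

# Subset of the documented [monitor://] settings (assumption: not exhaustive).
MONITOR_KEYS = {
    "index", "sourcetype", "source", "host", "host_regex", "host_segment",
    "crcSalt", "initCrcLength", "ignoreOlderThan", "whitelist", "blacklist",
    "disabled", "followTail", "recursive", "alwaysOpenFile", "time_before_close",
}

# Constructed copy of the config from the question (not read from disk).
SAMPLE_INPUTS_CONF = r"""
[default]
index=maspat

[monitor://C:\MASPAT\Results]
sourcetype=mas
crcSalt=
ignoreolderThan=1d
"""


def parse_conf(text):
    """Return a list of (stanza_name, {key: value}) pairs in file order.

    Splunk .conf syntax: [stanza] headers, key = value lines, # comments.
    Key case is preserved because Splunk setting names are case-sensitive.
    """
    stanzas = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = (line[1:-1], {})
            stanzas.append(current)
            continue
        if current is None or "=" not in line:
            continue  # setting outside any stanza, or a malformed line
        key, _, value = line.partition("=")
        current[1][key.strip()] = value.strip()
    return stanzas


def lint(text):
    """Return human-readable findings for the given inputs.conf text."""
    findings = []
    lower_to_canonical = {k.lower(): k for k in MONITOR_KEYS}
    for name, settings in parse_conf(text):
        if name == "default" and "index" in settings:
            findings.append(
                "[default] sets index=%s: this applies to every input stanza that "
                "does not set its own index, including WinEventLog inputs defined "
                "in other apps, so unrelated events land in this index"
                % settings["index"]
            )
        if not name.startswith("monitor://"):
            continue
        for key, value in settings.items():
            if key in MONITOR_KEYS:
                pass
            elif key.lower() in lower_to_canonical:
                findings.append(
                    "[%s] %s: wrong case, Splunk settings are case-sensitive; use %s"
                    % (name, key, lower_to_canonical[key.lower()])
                )
            else:
                findings.append(
                    "[%s] %s: not in this lint's list of monitor settings" % (name, key)
                )
            if key == "crcSalt" and value == "":
                findings.append(
                    "[%s] crcSalt is empty and adds nothing to the CRC; use "
                    "crcSalt = <SOURCE> when files share identical headers" % name
                )
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_INPUTS_CONF):
        print(finding)
```

Running it on the poster's config yields three findings: the [default] index, the mis-cased ignoreolderThan, and the empty crcSalt. The first one is the likely explanation for the SecurityCenter event in the question: a Windows Event Log input elsewhere on the host inherited index=maspat, while the file monitor itself was silently misconfigured.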