Solved: How to set inputs file for collect WinEventLog for...

otis_huang · ‎03-13-2018

Dears,

How to set inputs file for collect WinEventLog for File Replication Service?
I try to add two kind of stanza in splunkforwarder file "$SPLUNK_HOME/etc/system/local/inputs.conf" as below:
But It doesn't work. Please help.

stanza:

[WinEventLog:File Replication Service]
disabled=0
sourcetype="WinEventLog:File Replication Service"
index=windows

or

[WinEventLog://File Replication Service]
disabled = 0

deepashri_123 · ‎03-14-2018

Hi otis_huang,

You can refer this doc below:
https://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/Configureanddeploythetechnicala...

Let me know if this helps!!

View solution in original post

deepashri_123 · ‎03-14-2018

Hi otis_huang,

You can refer this doc below:
https://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/Configureanddeploythetechnicala...

Let me know if this helps!!

otis_huang · ‎03-13-2018

It's AD server (Windows 2012 Enterprise).

p_gurav · ‎03-13-2018

Which windows version you are using?

How to set inputs file for collect WinEventLog for File Replication Service

stanza:

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform