Solved: Re: How to set inputs file for collect WinEventLog...

otis_huang · ‎03-13-2018

Dears,

How to set inputs file for collect WinEventLog for File Replication Service?
I try to add two kind of stanza in splunkforwarder file "$SPLUNK_HOME/etc/system/local/inputs.conf" as below:
But It doesn't work. Please help.

stanza:

[WinEventLog:File Replication Service]
disabled=0
sourcetype="WinEventLog:File Replication Service"
index=windows

or

[WinEventLog://File Replication Service]
disabled = 0

deepashri_123 · ‎03-14-2018

Hi otis_huang,

You can refer this doc below:
https://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/Configureanddeploythetechnicala...

Let me know if this helps!!

View solution in original post

deepashri_123 · ‎03-14-2018

Hi otis_huang,

You can refer this doc below:
https://docs.splunk.com/Documentation/ActiveDirectory/1.2.2/DeployAD/Configureanddeploythetechnicala...

Let me know if this helps!!

otis_huang · ‎03-13-2018

It's AD server (Windows 2012 Enterprise).

p_gurav · ‎03-13-2018

Which windows version you are using?

How to set inputs file for collect WinEventLog for File Replication Service

stanza:

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Data Management Digest – December 2025

Join the Conversation

How to set inputs file for collect WinEventLog for File Replication Service

stanza:

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Data Management Digest – December 2025