Splunk Enterprise

Windows event logs missing

naagaraj
Engager

Hi All,


We are trying to monitor Windows event logs from multiple systems by installing forwarders on the individual machines; the logs are forwarded to a centralized Splunk instance.

During network outage/disconnection of internet in the individual systems, the event codes (4800 and 4801) are not getting captured in Splunk.


Below is the input.conf we are using:

[WinEventLog://Security]
checkpointInterval = 5
current_only = 0
disabled = 0
index = test_events
start_from = oldest
whitelist = 4624,4634,4800,4801


Could you please help us out?

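Added diagnostic (not part of the original post, and not Splunk's or Microsoft's own tooling): before changing the forwarder configuration, it is worth confirming whether the 4800/4801 events exist in the local Windows Security log on the affected machine during the outage window. If they are present locally but never reach the indexer, the gap is on the forwarding path (checkpoint, queueing, reconnect); if they are absent locally, the source never recorded them and the audit policy is the thing to look at. The time window and host name below are assumptions for illustration.

```powershell
# Added example: verify locally that workstation lock/unlock events (4800/4801)
# were written to the Security log during a given window, so the gap can be
# attributed either to the source or to the forwarding path.
# The window is an assumption; adjust it to cover the outage period.
param(
    [datetime]$Start = (Get-Date).AddDays(-1),
    [datetime]$End   = (Get-Date)
)

# Get-WinEvent with a filter hashtable queries the local Security log directly,
# independent of anything the forwarder has read or shipped.
$filter = @{
    LogName   = 'Security'
    Id        = 4800, 4801
    StartTime = $Start
    EndTime   = $End
}

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No 4800/4801 events in the local Security log between $Start and $End."
    # 4800/4801 are generated by the 'Other Logon/Logoff Events' audit subcategory;
    # if it is not enabled, nothing is written for the forwarder to pick up.
    Write-Output "Check audit policy with: auditpol /get /subcategory:`"Other Logon/Logoff Events`""
    return
}

# Per-event-ID counts to compare against a search on the indexer for this host,
# e.g. index=test_events host=$env:COMPUTERNAME EventCode IN (4800,4801)
$events |
    Group-Object Id |
    ForEach-Object { "{0}: {1} event(s) on {2}" -f $_.Name, $_.Count, $env:COMPUTERNAME }

# Earliest and latest timestamps in the window, useful for spotting whether the
# forwarder resumed from its checkpoint or skipped a span after reconnecting.
$sorted = $events | Sort-Object TimeCreated
$sorted | Select-Object -First 1 -Property TimeCreated, Id
$sorted | Select-Object -Last 1  -Property TimeCreated, Id
```

Run it on one of the machines that lost connectivity, with $Start and $End bracketing the outage, and compare the counts and timestamps with what the centralized instance shows for the same host and window. Events present here but missing from the index point at the forwarder side (whether it resumed from the WinEventLog checkpoint after reconnecting); events missing here mean the local audit policy, not the forwarder, is the cause.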