Hello everyone,

I have the following inputs.conf file which is actually working for the first 2 stanza, but not for the third one. could someone please tell me why? I do not get any events from them.

[WinEventLog://Security]
disabled = 0
renderXml = 1
start_from = oldest
current_only = 0
evt_resolve_ad_obj = 1
checkpointInterval = 5
sourcetype = XmlWinEventLog
index = ad
whitelist1=4624,4769,4728,4732,4756,4761,4751,4746

# This stanza will send all events for the event_code 21
[WinEventLog://Microsoft-Windows-TerminalServices-LocalSessionManager/Operational]
disabled = 0
renderXml = 1
sourcetype = XmlWinEventLog
index = ad
source="XmlWinEventLog:Microsoft-Windows-TerminalServices-LocalSessionManager/Operational"
whitelist2=21

# This stanza will send all events for the event_code 1024
[WinEventLog://Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational]
disabled = 0
renderXml = 1
sourcetype = XmlWinEventLog
index = ad
source="XmlWinEventLog:Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
whitelist3=1024

Thank you very much for helping me!