Hi,
We are not receiving Windows event logs. Below is the stanza added in the input.conf file, but we are not receiving the data. We are using a Universal Forwarder to forward data from the servers to Splunk Cloud.
Is it due to any permission issue in the servers? The same is executed as admin from the servers.
Any suggestions would be much appreciated.
[WinEventLog://Application]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index = index_base-heilite
renderXml=false
Hi @dkgs,
some quick questions:
About the first question, it's important because you have to enable receiving on the Heavy Forwarder.
About the second, it's important to know if you correctly configured the destination the logs are sent to.
The third assures that the connection is OK and you have to debug only inputs.conf.
The fourth assures that you're watching the correct inputs.conf and you have to enable the wanted Windows logs.
Ciao.
Giuseppe