...or a specific path. Baiscally I created a server class for the inputs.conf deployment, adding this: ###### OS Logs ###### [WinEventLog://Security] disabled = 0 index&n...
I want to block the audit.log file from a particular instance sending logs to splunk, is the stanza sufficient to accomplish that? Per matching a file: blacklist = <regular expression>
*...
Hi there. A simple question, it's not for a real usage, just a curiosity 😊 Does UF block inputs for system paths by default? An example, teorically an inputs like this [monitor:///...]
w...
Hey all I am taking input over TCP by having this in my inputs.conf [tcp://1.2.3.4:123]
connection_host = ip
index = index1
sourcetype = access_combined My question is, can I h...
Hi I have a basic questions about the inputs.conf file In our apps, we have a inputs.conf file under etc/apps/test/inputs.conf what is normal But what is the difference between etc/system/l...
...hat it is only running on about 30 devices. Here is the current section in inputs.conf : [WinEventLog://Security] disabled = 0 evt_resolve_ad_obj = 1 checkpointInterval = 5 b...
I want to add C:\windows\system32\winevt\logs\Microsoft-Windows-DriverFrameworks-UserMode/Operational as a stanza in my inputs.conf. How do I write the stanza? Thank you
I have a host that I am receiving logs into my heavy forwarder and that works fine. I now have a new log source on the same host and the entry in my inputs.conf is not passing the data I need t...
...roperties; we don’t have ssl options in inputs.conf just wondered if there was any other locations to check on the universal forwarder as it works fine for other servers.
...hey talk about modifying the file "props.conf" and "transforms.conf" what is the difference between doing it from inputs.conf and the other way? inputs.log [monitor:///folder/folder/folder/i...