Good morning,
i have my conf files like this, saved in a new text file.
See please.
http://imageshack.us/photo/my-images/407/transforms.png/
http://imageshack.us/photo/my-images/525/props.png/
The source field is Application is correct because in windows the system logon come to splunk in source field "application)
tell me one thing, i gotta put this two files props and transform in forwarder or in indexer? Forwarder Windows 7, Indexer is Centos Linux (i got it, it is in forwarder)
And the files i can create like a txt file? (Ok i tried and i got it, yes a text file)
And should save like txt file? (Yes)
By the way i´m trying to exclude this.
"
04/05/2012 12:26:51 PM
LogName=ApplicationSourceName=Microsoft-Windows-Winlogon
EventCode=4101
EventType=4
Type=Information
ComputerName=joaovaladas-PC
TaskCategory=None
OpCode=None
RecordNumber=189997
Keywords=Classic
Message=Windows license validated.
sourcetype=WinEventLog:Application Options|
source=WinEventLog:Application Options
"
Many Thanks
JV
... View more