I am somewhat new to Splunk but I have been assigned a configured system which I am trying to modify. It currently monitors filesystem changes and to make adjustments to that I modify an inputs.conf file under deployment_apps. I want to add windows registry monitoring. I am looking for a simple step by step procedure to add this monitoring to the existing systems. Do I add entries to the same inputs.conf file as the filesystem change or is there another area to add this information to? I would like to do this on the main Splunk server and push out the updates to the systems being monitored.
... View more