×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
EzSQZ
New Member
Member since: ‎02-14-2023
‎02-14-2023
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎02-14-2023
Topics I've Started
No posts to display.
View All

Re: How to configure the forwarding of Microsoft W...

by in Getting Data In
‎02-14-2023 04:12 PM
‎02-14-2023 04:12 PM
I would create a new index name call winprinmon and the specify it in in the input file. Also make sure you enable have enable Microsoft-Windows-PrintService/Operational in Windows Event Viewer and configure GP under computer configuration> admin templates> Printers> Allow job name in event logs to enable. To see files name being printing. [WinEventLog://Microsoft-Windows-PrintService/Operational] disabled = 0 renderXml = 1 checkpointInterval = 5 evt_resolve_ad_obj = 1 start_from = newest # only index events with these event IDs. whitelist = 307,805 index=winprinmon ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-14-2023 07:33 PM