soimeng

Activity Feed

Got Karma for Re: windows event log filter. ‎06-05-2020 12:46 AM
Posted Re: windows event log filter on Getting Data In. ‎04-04-2013 07:11 AM
Posted Re: windows event log filter on Getting Data In. ‎04-04-2013 07:09 AM
Posted windows event log filter on Getting Data In. ‎04-03-2013 08:08 AM
Tagged windows event log filter on Getting Data In. ‎04-03-2013 08:08 AM

Topics I've Started

Subject

Karma

Author

windows event log filter

For people has the same requirement. props.conf [WMI:WinEventLog:Security] TRANSFORMS-set= setnull,setparsing,nulladm transforms.conf [setnull] REGEX = . DEST_KEY = queue FORMAT = nullQueue [setparsing] REGEX =(?msi)^EventCode=4663 DEST_KEY = queue FORMAT = indexQueue [nulladm] REGEX =(?msi).Account\\sName:\\s+Administrator DEST_KEY = queue FORMAT = nullQueue

Karma from

User

Karma Count

Posts	3
Solutions	1
Karma Given	0
Karma Received	1
Member Since	‎03-27-2013

Online Status	Offline
Date Last Visited	‎06-05-2020 02:03 AM

Are you a member of the Splunk Community?

windows event log filter

Re: windows event log filter