Hello, I am looking for a help here, this is a very weird issue that I am facing. I have a requirement to monitor Event ID 4624 and 4625 from a specific set (10) of servers. I have used following inputs.conf, but instead of receiving these specific events data, i am receiving some other event codes such 4670, 4719, 4742, 4738 etc. I have tried almost all possible ways, but unable to understand what's really happening here. [WinEventLog://Security] disabled = 0 start_from = oldest current_only = 0 # only index events with these event IDs. whitelist = 4624, 4625 index = wineventlog sourcetype = xyz renderXml=false
... View more