×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
tminiz
Engager
Member since: ‎01-29-2014
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎01-29-2014
View All

Re: Windows Infrastructure App pulling from main i...

by in All Apps and Add-ons
‎05-25-2014 02:34 PM
‎05-25-2014 02:34 PM
Hi. You are right:) It was near the bottom of the eventtype.conf file. I tried searching for it in the file, but must av spelled something wrong. Also it was a very good tip to use to "setting|event type" in the UI. Changed all windows event types to (index="main" OR index="winevents") so i don't miss the old data. Works like a charm! I understand that moving data from the old index to the new is near impossible or can it be done? Thanks! ... View more

Re: Windows Infrastructure App pulling from main i...

by in All Apps and Add-ons
‎05-25-2014 12:42 PM
‎05-25-2014 12:42 PM
I see that the result returns as eventtype="windows_events", but that is not a type found in "splunk_app_windows_infrastructure/default/eventtypes.conf". Can it be somewhere else? ... View more

Re: Windows Infrastructure App pulling from main i...

by in All Apps and Add-ons
‎05-25-2014 12:11 PM
‎05-25-2014 12:11 PM
Are you sure this works for this app? I've tried changing, but it still only showed data from the main index. Even after restart ... View more

Windows Infrastructure App pulling from main index

by in All Apps and Add-ons
‎05-25-2014 07:46 AM
‎05-25-2014 07:46 AM
From several posts I have read that best practice for windows events are to forward them to a winevents index. I've just set up Splunk and at first I sent the data to default main, but recently changed it to winevents. When I open the Windows Infrastructure app the reports only show indexed data from main and not from winevents index. I've tried changing all index references to index=winevents, but still no success. Can anyone point me towards which config files I need to change to see the correct data in the reports? And am I right that it should be indexed to Winevents? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma given to
View All