Can you give me tips on how i can upload a .evt file to splunk?
Because i have a xxxx.evt here and how i can add as a data to splunk? and convert it as csv file.
i been reading this
and it did not resolve mu issue
Thanks and Regards
Usually you don't read directly the WindowsEventLogs, and use the special inputs that calls the windows system API.
However if you have evt files exported (not locked or touched by windows), you can to monitor them as regular files :
- please import the log file on the same OS version in order to translate them correctly
stopping all listening ports? 2 Answers
Can I "/dev/null" a sourcetype? 1 Answer