Hi,
In Event Viewer, I have a Proof Point needed for Windows 8.1, Window 10, Event Viewer, Application and Services, Microsoft Windows NetworkProfile/Operational Logs. Unfortunately, nothing is showing.
In SplunkUniversalForwarder\etc\apps\Splunk_TA_Windows\local\inputs.conf, I have this value.
[Microsoft-Windows-NetworkProfile/Operational]
disabled = 0
May I asked for recommendations please?
Cheers, Cwchmbe.
Hello. Looks like you are missing the input handler sourcetype prefix.. Your stanza should start with [WinEventLog://
Hello dstaulcu,
Thank you. That was perfect and well...intuitive too. I appreciate you helping a rookie.
Cheers, cwchambe
Hi @cwchambe
Glad you found a solution through @dstaulcu. Please don't forget to resolve the post by clicking "Accept" directly below the answer, and upvote the answer to award dstaulcu more karma points for helping you out.
Cheers!
Patrick