Solved: How to add Windows Event Log Adaxes.evtx as an inp...

pkeller · ‎02-23-2017

I have some folks that want me to ingest Adaxes events under: Application and Services Logs -> Adaxes

I'm not quite sure how to construct the inputs. The example below would just be a shot in the dark.

[WinEventLog://Applications and Services/Adaxes]

Thank you

jlvix1 · ‎02-24-2017

Have you tried it?

Don't forget to add disabled=0 underneath it and you may need to add another / where there is only one?

Generally, I find that using UF's you are limited in choice to what is in the web interface on the HF when configuring from there, like app, sec and sys logs, no access to custom logs.

If you use a HF and get it to reach out directly via WMI or grab from local, you have more options and getting that input should be no problem.

If you're using inputs.conf then this link helps: http://docs.splunk.com/Documentation/Splunk/6.5.2/Data/MonitorWindowseventlogdata

View solution in original post

jlvix1 · ‎02-24-2017

Have you tried it?

Don't forget to add disabled=0 underneath it and you may need to add another / where there is only one?

Generally, I find that using UF's you are limited in choice to what is in the web interface on the HF when configuring from there, like app, sec and sys logs, no access to custom logs.

If you use a HF and get it to reach out directly via WMI or grab from local, you have more options and getting that input should be no problem.

If you're using inputs.conf then this link helps: http://docs.splunk.com/Documentation/Splunk/6.5.2/Data/MonitorWindowseventlogdata

pkeller · ‎02-24-2017

... This worked

[WinEventLog://Adaxes]
disabled = 0

Thank you.
Paul

How to add Windows Event Log Adaxes.evtx as an input?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases