We have the following -
[monitor://C:\Windows\System32\winevt\Logs\ADFS 2.0%4Admin]
disabled = 0
sourcetype=winevt:admin
index=<index_name>
NO_BINARY_CHECK = true
[monitor://C:\Windows\System32\winevt\Logs\AD FS 2.0 Tracing%4Debug.etl]
disabled = 0
sourcetype=winevt:tracingdebug.etl
index=<index_name>
NO_BINARY_CHECK = true
We get the following error -
Invalid key in stanza [monitor://C:\Windows\System32\winevt\Logs\ADFS 2.0%4Admin] in C:\opt\splunk\splunkforwarder\etc\apps\xxxx_forwarder\local\inputs.conf, line 11: NO_BINARY_CHECK (value: true).
What can it be?
Because NO_BINARY_CHECK is a props.conf attribute, not an inputs.conf one, which is where you defined it. See this:
https://docs.splunk.com/Documentation/Splunk/6.5.2/Admin/Propsconf#Binary_file_configuration
Oh oh - thank you!!!!
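The split the answer describes, as an added example that is not part of the original thread: the monitor stanzas stay in inputs.conf without the key, and NO_BINARY_CHECK moves to a props.conf in the same app directory. Keying the props.conf stanzas on the sourcetypes assigned in inputs.conf is an assumption; the paths, sourcetypes and index placeholder are taken from the question.

```ini
# ---------------------------------------------------------------
# C:\opt\splunk\splunkforwarder\etc\apps\xxxx_forwarder\local\inputs.conf
# Only input settings belong here; NO_BINARY_CHECK is removed.
# ---------------------------------------------------------------
[monitor://C:\Windows\System32\winevt\Logs\ADFS 2.0%4Admin]
disabled = 0
sourcetype = winevt:admin
index = <index_name>

[monitor://C:\Windows\System32\winevt\Logs\AD FS 2.0 Tracing%4Debug.etl]
disabled = 0
sourcetype = winevt:tracingdebug.etl
index = <index_name>

# ---------------------------------------------------------------
# C:\opt\splunk\splunkforwarder\etc\apps\xxxx_forwarder\local\props.conf
# NO_BINARY_CHECK is a props.conf attribute. The stanza names below
# match the sourcetypes set in inputs.conf (assumption of this example).
# ---------------------------------------------------------------
[winevt:admin]
NO_BINARY_CHECK = true

[winevt:tracingdebug.etl]
NO_BINARY_CHECK = true
```

After restarting the forwarder, `splunk btool check` should no longer report the invalid key, and `splunk btool props list winevt:admin --debug` shows which file the setting is read from.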