Solved: How do we setup "WinEventLog://HardwareEvents" and...

rangineniarunku · ‎06-15-2017

Can someone provide me the complete monitoring's stanzas for the "WinEventLog://HardwareEvents" and "WinEventLog://Setup" in inputs.conf for Splunk_TA_windows add-on.

I doubt whether it is same as that we do it for Applications,Security and System?

adonio · ‎06-15-2017

there it is

[WinEventLog://Setup]
checkpointInterval = 5
current_only = 0
disabled = 0
index = wineventlog
start_from = oldest

[WinEventLog://HardwareEvents]
checkpointInterval = 5
current_only = 0
disabled = 0
index = wineventlog
start_from = oldest

indeed like all others
hope it helps

View solution in original post

rangineniarunku · ‎06-15-2017

I tried to deploy the splunk_TA_Windows app from deployment server to the Host with splunk forwarder after the changes in inputs.conf, where I am able to see events indexed from "[WinEventLog://Security]", "[WinEventLog://Application]"and "[WinEventLog://System]" but not from "setup" and "HardwareEvents".

Do we need to make any other changes in Splunk_TA_windows app on Deployment server in order to get the missing logs to be indexed on splunk.

I did not find any script related to"HardwareEvents" or "Setup" at Splunk_TA_windows/samples where as we have for application,security and system

Can anyone help me with this??.

adonio · ‎06-15-2017

there it is

[WinEventLog://Setup]
checkpointInterval = 5
current_only = 0
disabled = 0
index = wineventlog
start_from = oldest

[WinEventLog://HardwareEvents]
checkpointInterval = 5
current_only = 0
disabled = 0
index = wineventlog
start_from = oldest

indeed like all others
hope it helps

How do we setup "WinEventLog://HardwareEvents" and "WinEventLog://Setup" in splunk_nix_windows inputs.conf

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life