my inputs.conf says to monitor only application events but it is monitoring security and system logs as well. below is my inputs.conf file stanza.
[WinEventLog://Application]
checkpointInterval = 5
current_only = 0
disabled = 0
start_from = oldest
index=XXXXXXXXXXXXX
H @vinodrayedi,
have you other TAs as e.g. Splunk TA Windows?
You can debug this problem using btool
in $SPLUNK_HOME/bin
run ./splunk cmd btool inputs list --debug > my_inputs.txt
and reading the txt file.
for more infos see at https://docs.splunk.com/Documentation/Splunk/8.0.1/Troubleshooting/Usebtooltotroubleshootconfigurati...
Ciao.
Giuseppe