Re: How to configure the Splunk Add-on for Microso...

cwchambe · ‎08-16-2016

Hi,

In Event Viewer, I have a Proof Point needed for Windows 8.1, Window 10, Event Viewer, Application and Services, Microsoft Windows NetworkProfile/Operational Logs. Unfortunately, nothing is showing.

In SplunkUniversalForwarder\etc\apps\Splunk_TA_Windows\local\inputs.conf, I have this value.

[Microsoft-Windows-NetworkProfile/Operational]
disabled = 0

May I asked for recommendations please?

Cheers, Cwchmbe.

dstaulcu · ‎08-16-2016

Hello. Looks like you are missing the input handler sourcetype prefix.. Your stanza should start with [WinEventLog://

cwchambe · ‎08-16-2016

Hello dstaulcu,

Thank you. That was perfect and well...intuitive too. I appreciate you helping a rookie.

Cheers, cwchambe

ppablo · ‎08-16-2016

Hi @cwchambe

Glad you found a solution through @dstaulcu. Please don't forget to resolve the post by clicking "Accept" directly below the answer, and upvote the answer to award dstaulcu more karma points for helping you out.

Cheers!

Patrick

How to configure the Splunk Add-on for Microsoft Windows to monitor Services NetworkProfile/Operational Logs?

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk