Hi.
I am able to successfully Splunk Windows Security Event logs. I am have a challenge configuring my inputs.conf file to send data logged in %SystemRoot%\System32\Winevt\Logs\Microsoft-IIS-Configuration%4Operational.evtx. These events appear in the event viewer - Applications and Service Logs - Microsoft - Windows - IIS-Configuration
Any direction would be great.
If your logs channels exists in the eventviewer, you can add them in splunk using the same name.
Here is the method http://docs.splunk.com/Documentation/Splunk/5.0.2/Data/MonitorWindowsdata#Event_log_monitor_configur...