According to the Splunk App for Windows infrastructure docs, there should be a printer monitoring input available int the Splunk Add-On for Microsoft Windows. I have been looking all over the config files for the Technology Addon for Windows on my servers that have the app installed with within the universal forwarders, and I can't find any inputs to enable for print job monitoring.
Now, I could simply turn on the input on the Universal Forwarder's config, or add it to the TA's App config, however, the sourcetype expected by the Infrastructure App on my Indexer is "WinPrintMon", and not "WinEventLog:Microsoft-Windows-PrintService/Operational".
If there is an exisiting input on the TA to turn on, where is it?
If not, and I manually have to add it... do I simply force the sourcetype as "WinPrintMon" on the inputs.conf, or do I need to do a bunch of hullaballoo with props and transforms, too?
... View more