I am trying to write some source:: stanzas in props.conf to forward data to another system. For file inputs (e.g., monitor type inputs), I can write [source::/path/to/file] and it works. However, I am wondering what would the part of source:: be for other source types such as windows event logs. For example, when I tried [source::Application] for matching Windows Application Event logs, it didn't work, but when I tried [source::WinEventLog:Application], it worked.
My question is, is there a list of prefixes such as WinEventLog for input types other than file? For example, what would be the prefix patterns for Local Performance Monitoring, TCP/UDP, Registry Monitoring, Local Windows Host, Printer, Network monitoring etc? In lieu of prefix patterns, how would I write the source:: stanza for the above types?
... View more