Hi Guys,
I have installed universal forwarder on Print server, Windows Server 2012 R2 and configured the receiver IP and Port on it.
On the Splunk deployment server, I tried to configure Windows Event Logs (Collect event logs from forwarders.) under Data Inputs however I don't see PrinterServer logs.
Screenshot: https://imgur.com/mEj1Kp5
I have configured the inputs.conf under local directory with the following and restarted the splunkuniversalforwarder service
[default]
host = PrintServer2012
[WinEventLog://Microsoft-Windows-PrintService/Operational]
disabled = 0
renderXml = 1
checkpointInterval = 5
evt_resolve_ad_obj = 1
start_from = newest
# only index events with these event IDs.
whitelist = 307,805
Any ideas how to get the logs into the Splunk?
↧