Hi,
I've got a universal forwarder and I'm trying to monitor `C:\Windows\System32\winevt\Logs`. I've tried 2 solutions: CLI and Inputs.conf.
CLI: `Splunk add monitor C:\Windows\System32\winevt\Logs`
inputs.conf:
```
[monitor://C:\Windows\System32\winevt\Logs]
disabled = 0
```
Both solutions are not working and I've tried a combination of the two. Am I missing a step? Is there any way to troubleshoot this so I can get a clear picture of what's happening (in this case, not happening)?