Monitor remote Windows event logs

If you’ve installed a forwarder on a Windows machine, you can edit its inputs.conf file to specify which Windows event logs to monitor. Here is the configuration to monitor the Windows Security, Application, and System event logs and store them in the index called remotelogs:

[Image: forward Windows event logs]
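The configuration described above, written out as an added example (not the original page's own file). The index name remotelogs and the three log names come from the text; the disabled = 0 lines and the comments are assumptions.

```ini
# inputs.conf on the Windows forwarder (added example).
# One stanza per event log channel. The remotelogs index must already
# exist on the indexer that receives these events.

[WinEventLog://Security]
disabled = 0
index = remotelogs

[WinEventLog://Application]
disabled = 0
index = remotelogs

[WinEventLog://System]
disabled = 0
index = remotelogs
```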

Restart the forwarder for the changes to take effect. We can then run a search on our Splunk indexer to verify that the events have been indexed:

[Image: search Windows event logs]

