update

deployment-apps/Splunk_TA_windows_dc/local/inputs.conf

@@ -39,6 +39,34 @@
 #  ---------------------------------------------------------------------------------------
 
 ###### WinEventLog Inputs for Active Directory ######
+###### OS Logs ######
+[WinEventLog://Application]
+disabled = 0
+start_from = oldest
+current_only = 0
+checkpointInterval = 5
+renderXml=true
+index=wineventlog
+
+[WinEventLog://Security]
+disabled = 0
+start_from = oldest
+current_only = 0
+evt_resolve_ad_obj = 1
+checkpointInterval = 5
+blacklist1 = EventCode="4662" Message="Object Type:(?!\s*groupPolicyContainer)"
+blacklist2 = EventCode="566" Message="Object Type:(?!\s*groupPolicyContainer)"
+renderXml=false
+index=wineventlog
+
+[WinEventLog://System]
+disabled = 0
+start_from = oldest
+current_only = 0
+checkpointInterval = 5
+renderXml=true
+index=wineventlog
+
 
 ## Application and Services Logs - DFS Replication
 [WinEventLog://DFS Replication]