From 9ab763902097264337cfdd6c4a1404590efcc75d Mon Sep 17 00:00:00 2001
From: admingit
Date: Fri, 16 Feb 2024 11:27:48 +0100
Subject: [PATCH] update
---
 .../Splunk_TA_windows/default/inputs.conf | 28 ++++++++++++-------
 1 file changed, 18 insertions(+), 10 deletions(-)
diff --git a/deployment-apps/Splunk_TA_windows/default/inputs.conf b/deployment-apps/Splunk_TA_windows/default/inputs.conf
index 3f26ec4e..bdbf0dce 100644
--- a/deployment-apps/Splunk_TA_windows/default/inputs.conf
+++ b/deployment-apps/Splunk_TA_windows/default/inputs.conf
@@ -11,28 +11,31 @@
 ###### OS Logs ######
 [WinEventLog://Application]
-disabled = 1
+disabled = 0
 start_from = oldest
 current_only = 0
 checkpointInterval = 5
 renderXml=true
+index=wineventlog
 [WinEventLog://Security]
-disabled = 1
+disabled = 0
 start_from = oldest
 current_only = 0
 evt_resolve_ad_obj = 1
 checkpointInterval = 5
 blacklist1 = EventCode="4662" Message="Object Type:(?!\s*groupPolicyContainer)"
 blacklist2 = EventCode="566" Message="Object Type:(?!\s*groupPolicyContainer)"
-renderXml=true
+renderXml=false
+index=wineventlog
 [WinEventLog://System]
-disabled = 1
+disabled = 0
 start_from = oldest
 current_only = 0
 checkpointInterval = 5
 renderXml=true
+index=wineventlog
 ###### Forwarded WinEventLogs (WEF) ######
@@ -214,13 +217,15 @@ disabled=1
 ###### Host monitoring ######
 [WinHostMon://Computer]
 interval = 600
-disabled = 1
+disabled = 0
 type = Computer
+index = windows
 [WinHostMon://Process]
 interval = 600
-disabled = 1
+disabled = 0
 type = Process
+index = windows
 [WinHostMon://Processor]
 interval = 600
@@ -234,13 +239,15 @@ type = NetworkAdapter
 [WinHostMon://Service]
 interval = 600
-disabled = 1
+disabled = 0
 type = Service
+index = windows
 [WinHostMon://OperatingSystem]
 interval = 600
-disabled = 1
+disabled = 0
 type = OperatingSystem
+index = windows
 [WinHostMon://Disk]
 interval = 600
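Review bot: `renderXml=false` on `[WinEventLog://Security]` now diverges from Application and System, which keep `renderXml=true`; in Splunk_TA_windows the XML and classic renderings are indexed under different sourcetypes (XmlWinEventLog:* versus WinEventLog:*), so Security searches, field extractions and any detections keyed on one form will not line up with the other two channels — if the split is deliberate, say why above the line, e.g. `# Security kept in classic rendering: <reason>`. `index=wineventlog` is set on all three stanzas but nothing in this commit creates that index; as far as I recall an indexer drops events addressed to a nonexistent index unless lastChanceIndex is configured, so confirm it exists before this reaches the forwarders. With `start_from = oldest` and `current_only = 0` left in place, flipping `disabled = 0` makes every forwarder replay its entire retained Security, Application and System logs on first run, which is a sizable backlog and license hit worth calling out. This also edits `default/inputs.conf` inside the TA, which a TA upgrade overwrites; Splunk convention is to carry site overrides in `local/inputs.conf`.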
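Review bot: `index = windows` on the WinHostMon stanzas routes host inventory to a different index than the `wineventlog` used for the event-log stanzas earlier in this file; if that split is intentional it deserves a one-line comment such as `# host inventory -> windows, event logs -> wineventlog` above `###### Host monitoring ######`, and both indexes must exist on the indexers or the events are dropped. The key spacing also differs between the two groups (`index = windows` versus `index=wineventlog`); pick one form for the file. `[WinHostMon://Processor]` at the bottom of the hunk continues outside it, so whether it was enabled alongside Computer and Process is not visible here.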
@@ -254,8 +261,9 @@ type = Driver
 [WinHostMon://Roles]
 interval = 600
-disabled = 1
+disabled = 0
 type = Roles
+index = windows
 ###### Print monitoring ######
 [WinPrintMon://printer]
@@ -439,4 +447,4 @@ script = ."$SplunkHome\etc\apps\Splunk_TA_windows\bin\powershell\windows_bios_da
 schedule = 0 */24 * * *
 source = Powershell
 sourcetype = win:bios
-disabled = 1
+disabled = 1
\ No newline at end of file