update

deployment-apps/Splunk_TA_windows/default/inputs.conf

@@ -11,28 +11,31 @@
 
 ###### OS Logs ######
 [WinEventLog://Application]
-disabled = 1
+disabled = 0
 start_from = oldest
 current_only = 0
 checkpointInterval = 5
 renderXml=true
+index=wineventlog
 
 [WinEventLog://Security]
-disabled = 1
+disabled = 0
 start_from = oldest
 current_only = 0
 evt_resolve_ad_obj = 1
 checkpointInterval = 5
 blacklist1 = EventCode="4662" Message="Object Type:(?!\s*groupPolicyContainer)"
 blacklist2 = EventCode="566" Message="Object Type:(?!\s*groupPolicyContainer)"
-renderXml=true
+renderXml=false
+index=wineventlog
 
 [WinEventLog://System]
-disabled = 1
+disabled = 0
 start_from = oldest
 current_only = 0
 checkpointInterval = 5
 renderXml=true
+index=wineventlog
 
 
 ###### Forwarded WinEventLogs (WEF) ######
@@ -214,13 +217,15 @@ disabled=1
 ###### Host monitoring ######
 [WinHostMon://Computer]
 interval = 600
-disabled = 1
+disabled = 0
 type = Computer
+index = windows
 
 [WinHostMon://Process]
 interval = 600
-disabled = 1
+disabled = 0
 type = Process
+index = windows
 
 [WinHostMon://Processor]
 interval = 600
@@ -234,13 +239,15 @@ type = NetworkAdapter
 
 [WinHostMon://Service]
 interval = 600
-disabled = 1
+disabled = 0
 type = Service
+index = windows
 
 [WinHostMon://OperatingSystem]
 interval = 600
-disabled = 1
+disabled = 0
 type = OperatingSystem
+index = windows
 
 [WinHostMon://Disk]
 interval = 600
@@ -254,8 +261,9 @@ type = Driver
 
 [WinHostMon://Roles]
 interval = 600
-disabled = 1
+disabled = 0
 type = Roles
+index = windows
 
 ###### Print monitoring ######
 [WinPrintMon://printer]
@@ -439,4 +447,4 @@ script = ."$SplunkHome\etc\apps\Splunk_TA_windows\bin\powershell\windows_bios_da
 schedule = 0 */24 * * *
 source = Powershell
 sourcetype = win:bios
-disabled = 1
+disabled = 1