Deployement_Server_VOLD/deployment-apps/Splunk_TA_sysmon-for-linux/default/inputs.conf

##
## SPDX-FileCopyrightText: 2021 Splunk, Inc. <sales@splunk.com>
## SPDX-License-Identifier: LicenseRef-Splunk-8-2021
##
##

[journald://sysmon]
interval = 30
journalctl-quiet = true
journalctl-include-fields = PRIORITY,_SYSTEMD_UNIT,_SYSTEMD_CGROUP,_TRANSPORT,_PID,_UID,_MACHINE_ID,_GID,_COMM,_EXE
journalctl-exclude-fields = __MONOTONIC_TIMESTAMP,__SOURCE_REALTIME_TIMESTAMP
journalctl-filter = _SYSTEMD_UNIT=sysmon.service
sourcetype = sysmon:linux