Forums: SplunkAdministration: Windows event log


Hi all,

I send Windows event logs via a Splunk forwarder to a Splunk server running on a Linux server. Can you please tell me how, on the Splunk server, I can find and sort logs from the Windows security log, Windows system log and Windows application log?

I don't find any field telling whether the event comes from the security, application or system log.

Thanks a lot for your help.
Pierre.

The "source" and "sourcetype" fields should differentiate among those log types.

OK, it works fine with host="MyHost" sourcetype="WinEventLog:Application"

Thanks a lot for your help.
Pierre.