Windows Event Log files (.evtx) monitoring stop working after a while and the Splunk universal forwarder has to be restarted to start data collection again.
Here is the [monitor] stanza configured to monitor the Windows Event Log files (.evtx):
[monitor://C:\Windows\System32\winevt\Logs\VisualSVNServerActivity.evtx]
disabled = 0
index = WinEvent
[monitor://C:\Windows\System32\winevt\Logs\VisualSVNServerManagement.evtx]
disabled = 0
index = WinEvent
↧