# splunk config (windows)
```
# inputs.conf stanzas for a Windows forwarder. Five Windows Event Log
# channels are sent to index "wineventlog"; two IIS site log directories are
# sent to index "web". Both indexes must already exist on the indexers:
# events addressed to an undefined index are dropped unless a
# lastChanceIndex is configured.
#
# Settings shared by every WinEventLog stanza below:
#   checkpointInterval = 5  - seconds between saves of the read position
#   current_only = 0        - do not restrict collection to events that
#                             arrive after the input starts
#   start_from = oldest     - begin at the oldest record still retained
# Together these make the first run backfill each channel's existing
# history, so expect an ingest spike when the input is first enabled.

[WinEventLog://Application]
checkpointInterval = 5
current_only = 0
disabled = 0
start_from = oldest
index = wineventlog

# Security channel. What is recorded here depends on the host's audit
# policy, not on this stanza.
# NOTE(review): confirm the audit policy covers the events your detections
# rely on, and that the forwarder's service account can read this channel.
[WinEventLog://Security]
checkpointInterval = 5
current_only = 0
disabled = 0
start_from = oldest
index = wineventlog

[WinEventLog://System]
checkpointInterval = 5
current_only = 0
disabled = 0
start_from = oldest
index = wineventlog

# Local Session Manager operational channel: session logon, logoff,
# disconnect and reconnect records, useful when tracing RDP activity.
[WinEventLog://Microsoft-Windows-TerminalServices-LocalSessionManager/Operational]
checkpointInterval = 5
current_only = 0
disabled = 0
index = wineventlog
start_from = oldest

# Sysmon operational channel. It only exists on hosts where Sysmon is
# installed, and its contents are determined by the Sysmon configuration.
# NOTE(review): renderXml is not set, so events arrive in the classic
# rendered format. If the Sysmon add-on in use expects XML events, add
# renderXml = true; confirm first, because it changes the event format that
# existing searches see.
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
checkpointInterval = 5
current_only = 0
disabled = 0
index = wineventlog
start_from = oldest

# IIS logs for site ID 1, matched by file name pattern u_ex*.log.
# Only W3SVC1 and W3SVC2 are listed on this page, so a site with any other ID
# or a non-default log directory is not collected.
# NOTE(review): check the list against the server's actual site inventory.
[monitor://C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log]
index = web
sourcetype = iis
disabled = 0

# IIS logs for site ID 2; same settings as the W3SVC1 stanza.
[monitor://C:\inetpub\logs\LogFiles\W3SVC2\u_ex*.log]
index = web
sourcetype = iis
disabled = 0
```