Hey,
I want to monitor changes in my Windows Registry. I have done the needed procedures and steps; however, the index I use for my Windows Registry is always empty whenever I run the following search:
index="Registry"
The steps I did were, firstly, to add registry data via Splunk Home -> Add data -> Windows Registry -> Collect Windows Registry data on this Splunk Server.
Next, I clicked on New and filled in the following information:
Collection Name: Registry
Registry Hive: HKEY_LOCAL_MACHINE?.*
Baseline: Yes
Index: Registry
This is what is in my inputs.conf:
[script://$SPLUNK_HOME\bin\scripts\splunk-regmon.path]
disabled = 0
interval = 60
sourcetype = WinRegistry
source = WinRegistry
May I ask if I missed any steps? And why is my Registry index empty? Thanks a lot! (:
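As an added illustration that is not part of the original post: the stanza quoted above carries no `index` key, and a Splunk input without one writes to the server's default index (normally `main`), not to an index named `Registry`. The fragment below is an example inputs.conf stanza written for this note, assuming the same `splunk-regmon.path` scripted input as in the post; the path, index name and interval are the poster's, the `index` line is the addition.

```ini
# Example stanza (added here, not the poster's configuration):
# the same scripted registry-monitor input as in the post, with an
# explicit index so the events land in "Registry" rather than the
# server's default index. The index must already exist on the indexer.
[script://$SPLUNK_HOME\bin\scripts\splunk-regmon.path]
disabled = 0
interval = 60
sourcetype = WinRegistry
source = WinRegistry
index = Registry
```

Two checks before changing anything: run a search with no index restriction, such as `sourcetype=WinRegistry` over the last 24 hours, to see whether the events are arriving in a different index, and run `splunk btool inputs list --debug` on the forwarder or server to confirm which inputs.conf file and stanza Splunk has actually merged, since a copy of the stanza in another app directory can override the one shown here.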