I am following the nxlog to splunk guide here: https://nxlog.co/documentation/nxlog-user-guide/splunk.html. Specifically, section '93.3. Sending Specific Log Types for Splunk to Parse'. When testing, even using the config from the page, I am still getting an error (see further below).

<Input eventxml>
    Module im_msvistalog
    Channel Security
    CaptureEventXML TRUE
    Exec $raw_event = $EventXML;
</Input>

<Output splunk_hec>
    Module om_http
    AddHeader Authorization: Splunk c6580856-29e8-4abf-8bcb-ee07f06c80b3
</Output>

This generates this error: ERROR invalid keyword: CaptureEventXML at C:\Program Files (x86)\nxlog\conf\nxlog.conf

Any ideas? Thanks.

Asked January 24, 2020 - 6:41pm

Answer (1)