Splunk Enterprise version 8.1 will no longer be supported as of April 19, 2023. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise.
The following are the spec and example files for
```
# Version 8.1.2
#
# *** DEPRECATED ***
#
#
# This file contains potential attribute/value pairs to use when configuring
# Windows registry monitoring. The procmon-filters.conf file contains the
# regular expressions you create to refine and filter the processes you want
# Splunk to monitor. You must restart Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see the
# documentation located at
# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles

#### find out if this file is still being used.

[<stanza name>]
* The name of the filter being defined.

proc = <string>
* A regular expression that specifies process image that you want
  the Splunk platform to monitor.
* No default.

type = <string>
* A regular expression that specifies the type(s) of process events
  that you want the Splunk platform to monitor.
* No default.

hive = <string>
* Not used in this context, but should always have value ".*"
```
```
# Version 8.1.2
#
# This file contains example registry monitor filters. To create your own
# filter, use the information in procmon-filters.conf.spec.
#
# To use one or more of these configurations, copy the configuration block into
# procmon-filters.conf in $SPLUNK_HOME/etc/system/local/. You must restart
# Splunk to enable configurations.
#
# To learn more about configuration files (including precedence) please see the
# documentation located at
# http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles

[default]
hive = .*

[not-splunk-optimize]
proc = (?<!splunk-optimize.exe)$
type = create|exit|image
```
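The following is an added example, not part of the Splunk documentation or Splunk's code. It checks which process events the `[not-splunk-optimize]` stanza would keep, and shows that the exclusion is by file-name suffix with an unescaped dot rather than by exact file name. Assumptions: an event is kept when both regexes find a match anywhere in the value (unanchored, case-sensitive search); `STRICT_PROC`, the helper names, the sample paths and the `thread` event type are constructed for illustration.

```python
import re

# Values copied from the [not-splunk-optimize] stanza in the example file.
PAGE_PROC = r"(?<!splunk-optimize.exe)$"
PAGE_TYPE = r"create|exit|image"

# Tightened proc pattern (an assumption added here, not Splunk's): the dot is
# escaped and a path separator must precede the file name.
STRICT_PROC = r"(?<!\\splunk-optimize\.exe)$"


def event_is_monitored(proc_re, type_re, image, event_type):
    """Assumed semantics: keep the event when both regexes find a match."""
    return bool(re.search(proc_re, image)) and bool(re.search(type_re, event_type))


# Constructed sample events: (process image path, event type).
SAMPLES = [
    (r"C:\Program Files\Splunk\bin\splunkd.exe", "create"),
    (r"C:\Program Files\Splunk\bin\splunk-optimize.exe", "create"),
    (r"C:\Users\Public\notsplunk-optimize.exe", "exit"),
    (r"C:\Tools\splunk-optimize_exe", "image"),
    (r"C:\Windows\System32\cmd.exe", "thread"),
]


def coverage(proc_re, type_re=PAGE_TYPE):
    """Return the monitored/excluded decision for every sample event."""
    return [event_is_monitored(proc_re, type_re, img, typ) for img, typ in SAMPLES]


if __name__ == "__main__":
    rows = zip(SAMPLES, coverage(PAGE_PROC), coverage(STRICT_PROC))
    for (img, typ), page, strict in rows:
        print(f"{typ:7} page={page!s:5} strict={strict!s:5} {img}")
```

With the page's pattern, the third and fourth sample images are dropped along with the real `splunk-optimize.exe`; the stricter pattern keeps them in scope for monitoring.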
Last modified on 28 January, 2021
This documentation applies to the following versions of Splunk® Enterprise: 8.1.2