LAPS logging and Splunk

LAPS logging and Splunk

When I try to search it in Splunk, nothing comes out!! According to Splunk, Event Code 4662 is too noisy, and Splunk gives an example to filter all Event Code 4662. I realize I use the sample inputs.conf from Splunk. Below is snippet of default inputs.conf.

It took me a couple of days trying many combination of inputs.conf, and finally I figure out the correct syntax.