Can someone tell me the command Splunk is using to read the Windows security event log? I have one server that will send to _internal, but not send to the specified index of my input. It really seems like it can't read the event log, but I'm unsure. Are there some debug settings I can turn on? I came across this link and plan to try that tomorrow.
https://answers.splunk.com/answers/239644/how-to-troubleshoot-why-splunk-stopped-indexing-wm.html?utm_source=typeahead&utm_medium=newquestion&utm_campaign=no_votes_sort_relev