I have installed the Universal Forwarder on a Windows 7 Enterprise Workstation.
I installed it, selecting all the Event Log sources.
It is forwarding events to an indexer running on Linux, but the indexer only seems to be processing data for the WinEventLog:Setup sourcetype. I installed the Splunk Add-on for Microsoft Windows. Everything is at the default settings. I'm not certain why the indexer is only choosing to process this one Windows Event Log sourcetype. How do I go about testing?
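One way to check, on the forwarder itself, which Event Log inputs are actually in effect and whether they are being read. This is an added diagnostic script, not code from the original post or from Splunk; it assumes the Universal Forwarder is installed at the default path in $SplunkHome and that the `splunk.exe` CLI is available there (the `list` subcommands may prompt for the forwarder's admin credentials).

```powershell
# Added example: Universal Forwarder-side checks for missing WinEventLog data.
# Assumption: default install path; adjust $SplunkHome if yours differs.
$SplunkHome = 'C:\Program Files\SplunkUniversalForwarder'
$Splunk     = Join-Path $SplunkHome 'bin\splunk.exe'

# 1. Show the merged inputs.conf after file precedence is applied
#    (etc\system\local > etc\apps\*\local > etc\apps\*\default).
#    Look for every WinEventLog:// stanza and whether it is disabled,
#    and which file each setting comes from (--debug prints the path).
& $Splunk btool inputs list --debug |
    Select-String -Pattern 'WinEventLog://', '\bdisabled\b', '\bindex\s*='

# 2. Confirm the forwarder has an active connection to the indexer.
& $Splunk list forward-server

# 3. Per-input status as reported by splunkd: shows whether each
#    Event Log channel was opened and is being read.
& $Splunk list inputstatus

# 4. Recent splunkd.log entries from the Windows Event Log input,
#    e.g. access-denied or unknown-channel errors.
$Log = Join-Path $SplunkHome 'var\log\splunk\splunkd.log'
Get-Content -Path $Log -Tail 500 |
    Select-String -Pattern 'WinEventLog', 'ERROR', 'WARN'
```

Step 1 is the one to read first: if a WinEventLog:// stanza is missing or shows `disabled = 1`, the data never leaves the forwarder and the indexer side is not the problem. On the indexer, a search such as `index=_internal sourcetype=splunkd host=<forwarder-hostname> WinEventLog` shows the same splunkd.log messages once they are forwarded, and `| metadata type=sourcetypes index=<your index>` lists every sourcetype the indexer has actually received.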