Hello;
I am running several Microsoft Windows Event Collectors, and data contained within the App for Windows Infrastructure; mostly events, appear to be broken. If I search my data for "ComputerName" instead of "host", my searches seem to work; haven't tried in a dashboard or report.
Do I have to change the sourcetype on my event collectors inputs.conf, modify its transforms, re-write the dashboard searches?
I am looking for the easiest and most efficient route here, one that will not break later with an upgrade.
Thank you!
↧