Hi
DHCP Logs from all DHCP servers are not updating in Splunk, even though the logs are in present in there. When I restart the universal forwarder, I'm seeing the logs in Splunk. Is this the issue with forwarder?
stanza in input.conf:
[monitor://$WINDIR\System32\DHCP]
disabled = 0
ignoreOlderThan=1d
whitelist = DhcpSrvLog*
crcSalt =
sourcetype = DhcpSrvLog
index = windows
↧