I have a stand-alone instance of Splunk running on Linux. I have a Universal Forwarder installed on Windows 7 with the intent to collect the Windows event logs. The stand-alone instance was enabled to become a deployment server when I configured the UF (Universal Forwarder) and pointed output back to the Stand-alone. I have good communication and deployed the Splunk Add-on for Microsoft Windows to the UF successfully. However the Windows events are not rolling in. Any ideas where to start troubleshooting this?
Thank you
↧