I currently have a receiver setup and it's ingesting data from a log source. I am looking to install the Splunk Universal Forwarders on workstations to forward Sysmon.
Do I need a separate receiver port for the Sysmon data, or can I also forward that to port 9997? If so, how do I set the Sysmon data to go to its own index?
Thx
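An added configuration example for the setup asked about above (not part of the original post, and not a reply from another forum member): a Universal Forwarder can send the Sysmon event log to the same 9997 receiver as everything else, and the destination index is chosen per input stanza in the forwarder's inputs.conf. The index name `sysmon` and the indexer hostname `splunk-idx.example.internal` are assumptions; substitute your own. Both files live under `$SPLUNK_HOME/etc/system/local/` on the workstation (or in a deployment app), and the index must already exist on the indexer, otherwise the events are dropped rather than routed to `main`.

```ini
# $SPLUNK_HOME/etc/system/local/outputs.conf
# One output group pointing at the existing receiver. No second port is needed;
# the Sysmon events ride the same TCP connection as any other input.
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
# Hostname is an assumption for this example.
server = splunk-idx.example.internal:9997

# $SPLUNK_HOME/etc/system/local/inputs.conf
# Sysmon writes to the Microsoft-Windows-Sysmon/Operational channel.
# The index= key in this stanza is what sends these events to their own index;
# inputs without an index= key fall back to the default (main).
[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = 0
index = sysmon
# XML rendering keeps every Sysmon field (Image, CommandLine, Hashes, ...) intact
# and is what the Splunk Add-on for Sysmon expects.
renderXml = true
sourcetype = XmlWinEventLog
```

After restarting the forwarder, confirm routing from the search head with `index=sysmon | stats count by host`, and check `index=_internal source=*metrics.log group=tcpin_connections` on the indexer if a host never appears; a forwarder that is connected but whose events are missing usually means the `sysmon` index was not created on the indexer.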