Hello,
I have a universal forwarder installed on our domain controllers to forward Windows event logs. In recent days, I do not see any events being indexed. I have verified that logs are still operating on the DCs and the UF is dialing home. From internal events, I do see the DCs' status (see below) with a recent timestamp.
11-19-2015 14:28:15.341 -0800 INFO Metrics - group=tcpout_connections, name=primary_indexers:x.x.x.x:9997:0, sourcePort=8089, destIp=x.x.x.x, destPort=9997, _tcp_Bps=207.67, _tcp_KBps=0.20, _tcp_avg_thruput=0.30, _tcp_Kprocessed=71, _tcp_eps=0.13, kb=6.08
How do I go about debugging and resuming the wineventlogs indexing? Please advise.
Thanks