Hi all,
I would like to index an .evtx file stored in a different location on my universal forwarder.
E:\Logs\Events\Fixed.Evtx
What approaches do we have to index these files?
I read some documentation but have a few concerns, like it should not be written to while being read by Splunk? If so, how can we achieve this?
Regards,
BK