Hi,
I am getting a warning after running any search job: "Eventtype 'wineventlog_security' does not exist or is disabled." There is a post regarding this (https://answers.splunk.com/answers/744214/eventtype-wineventlog-security-does-not-exist-or-i.html), and it mentions checking that this eventtype is shared globally, and they are globally shared.
Would anyone know where else I should check? I am on version 8.0.0.
Thanks and regards
@africates - I have the same issue, did you find the solution?
Can you post the actual error you are seeing? Perhaps a screenshot?
Sorry, I thought I had uploaded the image. See updated post. Thanks.
I take it you have installed the Windows TA on your search head?
I am guessing so, because you said that the event types are set to global.
Is there any chance you have changed the permissions on the installed TA from apps settings?
I have a funny feeling that if you set an event type to global, but in an app that does not give everyone read access, you can get these errors.
Hmm, thinking about this, I'm doubting my comment.
I'm not near a deployment to check this at the moment.
Hi Nick, I have the Windows TA installed on the forwarders, but not on the server itself.
Oh! You probably want it on your indexers and definitely on your search heads.
("probably" depends on your exact deployment) See:
https://docs.splunk.com/Documentation/WindowsAddOn/7.0.0/User/Install