Hi, I'm assuming I'm missing something really basic, so here goes:
I have data being indexed in Splunk, in an index called "windows" (suggested for the Windows Security Operations Center app). I can go to the main search window in Splunk, and I can see the events that I would expect to see in the app, but I don't see any data at all in the app. The same goes for the PCI compliance app, and the Windows app. Searches just show "no results found".
Any insight as to where I'm going wrong would be greatly appreciated.
Thanks,
Kevin
Same problem here, on multiple servers and workstations. Is there a solution or workaround?