I have some issues with setting up Splunk to read a WindowsEvent file stored on a network share. It seems like the setup is fine, but no files show up in Splunk and nothing is indexed.
From the exact same destination I'm able to read Windows update logs without any problems, so there shouldn't be any problems with the credentials. All files have the same permissions.
Since this is my first time setting up Splunk, I hope I have made some simple mistake which is easily fixed.
All access to the server is firewalled except for the network share where the logs are put as evtx files. I'm not allowed to connect directly to the originator. The files on the share are file dumps from the event log.