Archive
Highlighted

Splunk Universal Forwarder not monitoring WindowEvent Security logs suddenly

New Member

The Splunk Universal forwarder is stopped forwarding windows Event Security logs,
After check the system logs we came to know that the system time has changed and at that point of time the Splunk UF is not stopped the forwarding. Please help me how to troubleshoot and I have done the following.

1) I restarted the Splunk Universal Forwarder
2) I deleted inputs.conf file and again added that file.

Tags (1)
0 Karma
Highlighted

Re: Splunk Universal Forwarder not monitoring WindowEvent Security logs suddenly

New Member

The Splunk Universal forwarder is stopped forwarding windows Event Security logs,
After check the system logs we came to know that the system time has changed and at that point of time the Splunk UF is stopped the forwarding. Please help me how to troubleshoot and I have done the following.
1) I restarted the Splunk Universal Forwarder
2) I deleted inputs.conf file and again added that file.

0 Karma
Highlighted

Re: Splunk Universal Forwarder not monitoring WindowEvent Security logs suddenly

Champion

Please check _internal index for any error.

0 Karma