1 Splunk server
1 Windows Server with Symantec Endpoint Protection Manager (SEPM)
I managed to export all logs from SEPM to the Splunk server via the Universal Forwarder.
I see them via the command: "sourcetype = symantec:ep"
I followed the manual for inputs.conf on the Symantec server, but with a modification:
I did not put the stanza in %SPLUNK_HOME%\etc\apps\Splunk_TA_symantec-ep\local\inputs.conf because it didn't work.
I put the stanza in %SPLUNK_HOME%\etc\apps\SplunkUniversalForwarder\local\inputs.conf
Then I tried to launch the add-on, but on first use I got the error "Ouups - 404 Error" for the Home Page.
I tried to re-install it, but still the same.
I know another post exists for this, but when I tried to bump it, someone told me "This is an old thread. Please post a new question."
So here we are ...
Thanks to all for your attention