• I installed windows Universal forwarder on a host as a local user and updated outputs.conf with the Indexer details .
• However as per doc , I never got this promt during installation: http://docs.splunk.com/Documentation/SplunkCloud/6.6.1/Data/MonitorWindowseventlogdata

"When the installer prompts you to specify inputs, enable the event log inputs by checking the "Event logs" checkbox."

• I also pushed inputs.conf for eventlog collection via deployment server with the below stanza. [WinEventLog://Application] disabled=0 [WinEventLog://Security] disabled=0 [WinEventLog://System] disabled=0

Eventlog data is not getting collected. Also there is no output for the host on the Search Head.

1) I noticed this error in the splunkd.log on the windows forwarder and I'm not aware of this error, also couldn't find much info on Splunk docs / splunk answers. All I did was installing the forwarder on the host. I never set up any cron for the splunk exe process and Im unable to figure out this error.

Could someone please guide:

08-01-2017 06:26:04.223 -0400 ERROR ExecProcessor - message from ""E:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"" splunk-powershell - Powershell::InitPowershell: Stanza get-networklatency. Invalid cron schedule: 0*/5***?

2) Also Am I missing out an any steps for configuring the windows forwarder Eventlog collection?