I have an Enclave server that already forwards logs to my indexer. We installed a network interface that should remain turned off unless we are upgrading/patching the server. Is there a way to see if the network interface was left ON?
If the state of the network interface is in Splunk, then you can search for it to see if it's on or not.
How can I see if the state of the network interface is in Splunk? What would I be searching for?
I have to defer to a local data expert (hopefully, that's you). Try searching for the interface name.
I am seeing the perfmon interface logs, but not from all the hosts, only some.
If you see the network interface for the Enclave server then you should be all set. Otherwise, you have some onboarding or troubleshooting to do.
Looks like I have a lot of onboarding to do. I am able to see my forwarders, but I am not getting logs for some of the devices.