Hello,
I have purchased Splunk Enterprise 1GB/day and I want to configure the forwarder on a Domain Controller to send data about Security Events in Event Viewer. I want to index all access by domain admins.
How can I limit the indexer to send only events of access by domain admins?
Thanks