Getting Data In
Highlighted

Why are my Windows security logs not coming from forwarders?

Path Finder

What could be the possible reason that Windows security logs are not coming from the forwarders?

How do I troubleshoot it?

Please let me know if you need any additional information.

0 Karma
Highlighted

Re: Why are my Windows security logs not coming from forwarders?

SplunkTrust
SplunkTrust

There are few more likely reasons.

1) The forwarders are not running
2) A firewall/networking change is preventing the forwarders from communicating with the indexers
3) SSL certificates have expired

You should find clues in Splunk's log files. Search index=_internal group=tcpin_connections.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma