Splunk version 4.2.2
Universal forwarder version 6.2.1
We have already used Splunk from a few years ago, but we can't get windows event logs for Windows 2008 or 2012, so we installed universal forwarder on each windows 2008/2012 with firewall setting.
However we can't still receive any windows event logs.
Is this because of different Splunk versions? or Firewall settings made mistakes?
If you have any advice, please let us know.
6.x forwarders (universal/light/heavy) are backwards compatible down to 5.0.x indexers.
Thank you for your support.
As you advised, we could transfer syslog data using universal forwarder.