Splunk Universal Forwarder not monitoring WindowEv...

shivakarnati · ‎04-24-2019

The Splunk Universal forwarder is stopped forwarding windows Event Security logs,
After check the system logs we came to know that the system time has changed and at that point of time the Splunk UF is not stopped the forwarding. Please help me how to troubleshoot and I have done the following.

1) I restarted the Splunk Universal Forwarder
2) I deleted inputs.conf file and again added that file.

shivakarnati · ‎04-24-2019

The Splunk Universal forwarder is stopped forwarding windows Event Security logs,
After check the system logs we came to know that the system time has changed and at that point of time the Splunk UF is stopped the forwarding. Please help me how to troubleshoot and I have done the following.
1) I restarted the Splunk Universal Forwarder
2) I deleted inputs.conf file and again added that file.

p_gurav · ‎04-24-2019

Please check _internal index for any error.

Splunk Universal Forwarder not monitoring WindowEvent Security logs suddenly

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Are you a member of the Splunk Community?

Splunk Universal Forwarder not monitoring WindowEvent Security logs suddenly

Splunk Mobile: Your Brand-New Home Screen

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...