Splunk Universal Forwarder not monitoring WindowEv...

shivakarnati · ‎04-24-2019

The Splunk Universal forwarder is stopped forwarding windows Event Security logs,
After check the system logs we came to know that the system time has changed and at that point of time the Splunk UF is not stopped the forwarding. Please help me how to troubleshoot and I have done the following.

1) I restarted the Splunk Universal Forwarder
2) I deleted inputs.conf file and again added that file.

shivakarnati · ‎04-24-2019

The Splunk Universal forwarder is stopped forwarding windows Event Security logs,
After check the system logs we came to know that the system time has changed and at that point of time the Splunk UF is stopped the forwarding. Please help me how to troubleshoot and I have done the following.
1) I restarted the Splunk Universal Forwarder
2) I deleted inputs.conf file and again added that file.

p_gurav · ‎04-24-2019

Please check _internal index for any error.

Splunk Universal Forwarder not monitoring WindowEvent Security logs suddenly

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events

Join the Conversation

Splunk Universal Forwarder not monitoring WindowEvent Security logs suddenly

New Year, New Changes for Splunk Certifications

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events