- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
esafaei
Explorer
12-06-2022
02:08 AM
Hi all,
Recently I've upgraded all splunk deployment tiers (search head, Indexer and Heavy Forwarder) and we are collecting Windows event by Splunk_TA_windows add-on.
Before the upgrade, Windows event fields like EventCode was appearing but after the upgrade only general fields is visible.
The Splunk_TA_windows add-on installed on all components of splunk (HF, SH and indexer)
Despite not appearing the fields, I can use missing fields like EventCode in search query and commands like top and stats.
How can I troubleshoot and resolve the problem? What's wrong? Anybody can help me?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

gcusello

SplunkTrust
12-06-2022
02:13 AM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content

gcusello

SplunkTrust
12-06-2022
02:13 AM
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
esafaei
Explorer
12-06-2022
02:16 AM
OMG!
😂😅😬
