I am troubleshooting an issue where event logs from one of the remote servers show only partial data in Splunk. We are collecting the logs using a forwarder. The description of the event logs is not getting collected. I have tried out various troubleshooting steps, and one thing I was wondering is: is there a way we can run the same command which the forwarder executes for collecting the logs? That way I will be able to understand if there is any Windows issue which is causing partial collection of data.
Just to be clear, I am looking for something similar to this: "splunk cmd splunk-wmi.exe -wql" (this one is for WMI).