We have a Splunk environment with 1 Search Head/Deployment Server, 1 Cluster Master and 2 Indexers. We are also using the Splunk_TA_windows app
All other windows servers are running the Universal Forwarder. The configuration deployed from the deployment servers takes care of configuring the Universal Forwarders.
The Splunk servers themselves do have the Universal Forwarder (since they are allready Heavy Forwarders). How can I configure these servers to all forwarderd their (windows security) data so that it will be indexed?