A few more things to try:
Double-check your inputs configuration, and see if you are overriding `source` or `sourcetype` -- if you are, modify the searches suggested by Simeon accordingly.
Broaden your searches and try to match on raw text instead of source or sourcetype to see if those fields have something different than expected. Pick a string of text that you know appears in your Windows logs, and search on that: `index=* SomeRawText`
Run `netstat -p udp -b` to verify that the Splunk daemon is actually the process bound to that port.
If you suspect a firewall issue, try stopping Splunk and installing Kiwi Syslog or similar on that port, just long enough to verify that it can receive syslog messages. That will help narrow down the problem to either network/host configuration or Splunk configuration.
... View more