Hi,
ExtraHop is a real-time protocol analysis appliance that receives a mirror of your desired network traffic.
As ExtraHop receives the traffic flow, it will reconstruct the conversation between systems and give a breakdown of general stats. Additional triggers can be applied to do a more detailed analysis of the data as it flows into the system. This trigger can be set to push the data to Splunk via syslog.
We currently send all of our db traffic through ExtraHop and have the errors posted to Splunk. The trigger we use is available from the ExtraHop forums. It gives us client IP, server IP, error, method, processing time, and user in Splunk in near real time.
Yes, errors pulled off of the wire and posted to Splunk in near real time!
Also, I am not affiliated with Splunk or ExtraHop other than as a happy client.
~jt