I'm not sure what I'm doing wrong here, but trying to configure a universal forwarder on Windows so it automatically sends all event logs, performance data etc. If I select this during the installation it just 'works', however that's with a custom install and checking all the boxes. If I do a regular install I cannot figure out how to enable those features. I am sending down to the forwarders the Splunk_TA_Windows.
The related item is that we need to send each universal forwarder to their specific index, I've been able to do this with modifying the input.conf file - is there a way to 'push' this to the forwarder instead?
... View more