I'm evaluating Splunk Light for purchase and running into some issues collecting Windows Event Logs from multiple servers.
I installed the Universal Forwarder on a few machines, then to test the setup, I configured a receiver, created a server class, and set it up to collect logs from the Windows App, Sec, & Sys logs, which is working great. So I continued installing the forwarder on a number of other machines and that's where I ran into an issue.
From looking through the UI and doing some Googling, it seems like Splunk Light isn't able to manage server classes (REALLY odd that you can create one and not modify it), but that would be absolutely fine if I had the ability to manage forwarder clients individually. However, it seems like that's not possible either:
I can't set up a forwarded data input without using a server class.
I can't add a new server to an existing server class.
I can't add multiple server classes with the same Windows Event Log inputs. When I try, I receive an error "Cannot create another input for the event log "Application", one already exists."
So how are you supposed to collect forwarded Windows Event Logs from an additional server in Splunk Light?