Thanks for the information. I'll maybe try to reinstall splunk and see what happens.
It's running on Server 2008r2, the 64-bit version. I just configured it to collect the local Windows event logs; the Security, Application, and System logs. Nothing is getting forwarded from anywhere else. I had the Windows App running first, installed the FISMA app, removed the Windows App and replaced it with the Windows TA one. It's also the generic search when it produces it.
I'll post my results after the reinstall.
... View more