This is the info that I am pulling into Splunk from SharePoint 2019:
- perfmon
- IIS logs
- ULS logs

I am storing the IIS and ULS logs in a sharepoint index. I built out a correlation search dashboard so I don't have to use the Merge-SPLogFile cmdlet for PowerShell.

Here are the inputs.conf, props.conf and transforms.conf:

IIS

[monitor://L:\inetpub\logs\LogFiles**.log]
index = sharepoint
sourcetype = iis
ignoreOlderThan = 1d

ULS

[monitor://L:\Diagnosticslog]
index = sharepoint
whitelist = .*-\d+-\d+.log$
sourcetype = MSSharePoint:2019:ULSAudit
ignoreOlderThan = 1d

PROPS.CONF

[MSSharePoint:2019:ULSAudit]
SHOULD_LINEMERGE = false
CHECK_FOR_HEADER = false
LINE_BREAKER = ([\r\n]+)\d{2}/\d{2}/\d{4}\s\d{2}:\d{2}:\d{2}.\d{2}\s
TRANSFORMS-ulscomment = uls_remove_comments
SEDCMD-cleanup = s/(...([^*]+).*?...)//g

TRANSFORMS.CONF

[uls_remove_comments]
REGEX = ^Timestamp
DEST_KEY = queue
FORMAT = nullQueue
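
An offline check of the index-time settings above, added here as an example and not part of the original post: it applies the post's LINE_BREAKER and nullQueue REGEX to a constructed ULS sample, assuming Python's re module behaves like Splunk's regex engine for these two patterns. The function names and sample lines are hypothetical, and the SEDCMD is left out.

```python
import re

# Copied from the props.conf / transforms.conf stanzas in the post.
LINE_BREAKER = r"([\r\n]+)\d{2}/\d{2}/\d{4}\s\d{2}:\d{2}:\d{2}.\d{2}\s"
NULLQUEUE_REGEX = r"^Timestamp"  # [uls_remove_comments] -> nullQueue

# Constructed ULS-style sample (tab separated, CRLF). Assumption: a
# continuation line carries '*' right after its timestamp.
SAMPLE = "\r\n".join([
    "Timestamp              \tProcess\tTID\tArea\tCategory\tEventID\tLevel\tMessage\tCorrelation",
    "08/15/2023 10:12:33.45 \tw3wp.exe\t0x0F10\tFoundation\tGeneral\taaaa\tMedium\tlong message part one...\tc0ffee",
    "08/15/2023 10:12:33.45*\tw3wp.exe\t0x0F10\tFoundation\tGeneral\taaaa\tMedium\t...part two\tc0ffee",
    "08/15/2023 10:12:34.02 \tOWSTIMER.EXE\t0x2B44\tFoundation\tTimer\tbbbb\tHigh\tjob failed\tdecade",
]) + "\r\n"


def break_events(raw, line_breaker=LINE_BREAKER):
    """Split raw text the way LINE_BREAKER does: the event boundary is
    capture group 1, and the text matched by that group is discarded."""
    events, start = [], 0
    for m in re.finditer(line_breaker, raw):
        events.append(raw[start:m.start(1)])
        start = m.end(1)  # the next event keeps its own timestamp
    events.append(raw[start:])
    return [e.strip("\r\n") for e in events if e.strip()]


def index_time_pipeline(raw):
    """Return the events that survive the ^Timestamp nullQueue transform."""
    return [e for e in break_events(raw) if not re.search(NULLQUEUE_REGEX, e)]


if __name__ == "__main__":
    for i, event in enumerate(index_time_pipeline(SAMPLE), 1):
        print(f"--- event {i} ({event.count(chr(10)) + 1} line(s)) ---")
        print(event)
```

The continuation line stays attached to its parent event because the breaker requires whitespace after the timestamp, and the column header becomes its own event that the transform then drops.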