I am currently having issues with getting my SPLUNK for Windows app to work properly. I have deployed my SPLUNK forwarder to roughly 300 windows boxes but only show a counter performance counter of 2. The Hosts field in Windows shows all 300 servers that I have but the performance does not.
I am trying to search for a specific Windows username that is failing in the Windows Security log but cannot perform this search. If anyone knows an easier way to find the Windows user and events it is tied to I would appreciate it. Also, if there is something wrong with my Windows app please let me know any potential fixes. I am only monitoring the Security eventlog on my Windows boxes. Thanks for the help!
... View more