Hello Upgraded Splunk Enterprise to 9.0.0 today - went OK. Upgraded Splunk Universal Forwarders on Windows Server 2019 to 9.0.0 - upgrade says all went OK. I opened cmd and executed splunk restart The SplunkForwarder restarts OK, but I get the following error:     Invalid key in stanza [webhook] in D:\Program Files\SplunkUniversalForwarder\etc\system\default\alert_actions.conf, line 229: enable_allowlist (value: false)     In the file alert_actions.conf on line 229:     [webhook] enable_allowlist = false       Anyone know why I'm seeing this after the upgrade? Thanks ... View more

Hello We are running Enterprise 8.2.6 (Windows Server).  We use a product called Fastvue Syslog Server on another Windows Server as a central Syslog server.   Fastvue Syslog writes out the syslogs into folders such as: D:\Logs\Syslog\Logs\switch\x.x.x.x\x.x.x.x-YYYY-MM-DD.log D:\Logs\Syslog\Logs\esx\x.x.x.x\x.x.x.x-YYYY-MM-DD.log (where x.x.x.x is the syslog client ip address) The Syslog Server has the Splunk Universal Forwarder installed as is configured to for output Windows Event Logs. The inputs.conf file has the following added in addition to the eventlogs: [monitor://D:\Logs\Syslog\Logs\switch\*] sourcetype = syslog-switch disabled = false [monitor://D:\Logs\Syslog\Logs\esx\*] sourcetype = syslog-esx disabled = false On the Splunk Indexer, we can see event logs from the Windows Server, but we are not seeing any syslog message from the logged files? Am I missing something? Thanks in advance.   ... View more