dzampino

Topics I've Started

This was the fix we were looking for. I ended up using group policy preferences to add NT SERVICE\SplunkForwarer to the Event Log Readers group instead of using Restricted Groups (defining members in Restricted Groups will remove members already in the group not listed, so be cautious).

Karma given to

User

Karma Count

Posts	1
Solutions	0
Karma Given	1
Karma Received	0
Member Since	‎08-23-2023

Online Status	Offline
Date Last Visited	‎11-08-2024 01:17 PM

Join the Conversation

Re: Sysmon events not getting indexed