Hi,  ok, so updated AME to version 3.0.8. Now i cant access anything, even though I am sc_admin.    cant see the start, cant configure due to the fact that is says I must be sc_admin.    Checked users and roles and they are fine.    any thoughts? ... View more

Hello!  So here is a doozy.  We have blacklists in place using Regx. In particular this one: [WinEventLog://Microsoft-Windows-Sysmon/Operational] source= XmlWinEventLog:Microsoft-Windows-Sysmon/Operational disabled = false start_from = oldest current_only = 0 evt_resolve_ad_obj = 1 checkpointInterval = 5 blacklist1 = $XmlRegex= (C:\\Program Files\\Preton\\PretonSaver\\PretonService.exe)   along with some other blacklists in sequence as blacklist2, blacklist3 etc.  Now, on my and some colleagues local machines where I have tested the inputs.conf file to see if we are blacklisting correctly, it all works, no logs come into splunk cloud.   BUT when this is deployed using our deployment server to the estate the blacklist doesnt work.  Does anybody know where i can troubleshoot this from?  Ive ran the btool and confs come out fine.  we are local UF agents going to a DS then to Splunk Cloud.    ... View more