Thanks for your reply.
I have installed the heavy forwarder (Splunk Enterprise) on the same machine we run SCOM operations console. (Server A)
I have then installed Splunk Enterprise on our receiving machine. (Server B)
On Server A, I have configured the forwarder to IP:9997 where IP is Server B's address.
On Server B, I have enabled receiving on port 9997.
On Server A, when I use the addon to search it cant find anything.
I have followed all the guides. Can you advise more on the search head as this is something I haven't done?
In addition, according to the logs. This is the error message I am getting:
017-10-05 04:46:01 -04:00 [ log_level=ERROR pid=17432 input=_Splunk_TA_microsoft_scom_internal_used_Events ] New SCOMManagementGroupConnection Fail: The request was aborted: Could not create SSL/TLS secure channel.
at newSCOMManagementGroupConnection, C:\Program Files\Splunk\etc\apps\Splunk_TA_microsoft-scom\bin\scom_command_loader.ps1: line 737
at run, C:\Program Files\Splunk\etc\apps\Splunk_TA_microsoft-scom\bin\scom_command_loader.ps1: line 562
at , C:\Program Files\Splunk\etc\apps\Splunk_TA_microsoft-scom\bin\scom_command_loader.ps1: line 813
at , : line 1
at , : line 46
at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.GetResponse(WebRequest request)
at Microsoft.PowerShell.Commands.WebRequestPSCmdlet.ProcessRecord()
2017-10-05 04:46:01 -04:00 [ log_level=WARN pid=17432 input=_Splunk_TA_microsoft_scom_internal_used_Events ] End SCOM TA
... View more