A subset of our remote event log collections have stopped spontaneously.
We have a total of 70 remote event logs being monitored; however, approx. 25% of them have stopped.
Most of these stopped on the same day, and some stopped a couple days later. They are using the same index.
I have disabled collection of one device and then re-enabled it, and that has restored the logging on that device.
As soon as I track down who ordered Splunk I am planning for a support call, but I wanted to check and see if this is a known issue or if I am doing something wrong while I sort out the support login.