I have successfully configured a Splunk Unversal Forwarder to read the local machine's eventlog.
However, Splunk doesn't appear to be able to read the "Data" information in Events. This is the section displayed as either a byte or word block the bottom of the Windows Event viewing dialog control.
The host server is quite old running Windows Server 2003 R2 Standard Edition Service Pack 2
Is it possible for Splunk to read this additional data?
Many thanks
Stephen
... View more