Hey there,
I apologize for the delay on this matter, but I would definitely love to share my findings.
Currently I have built an ESXi lab and I have installed the Splunk TA windows app in my Indexer and my UF.
I can see DHCP logs getting sent via index=windows sourcetype=DhcpSrvLog.
So I know the Splunk TA app works fine.
On my production side:
Here's my issue. I have multiple Domain Controllers which are running as DHCP servers for our infrastructure, and I have found the file path it is exporting the logs to.
I believe the reason it is not showing in my production environment is maybe due to having multiple Deployment Servers, one indexer, and a search head, vs. my lab that has one indexer and UFs sending data.
On our DCs, we do not have access to install the Splunk_TA app... But we do have the TA app on our deployment servers...
I'm just trying to figure out the best solution with our infrastructure to get this working since I know the directory where the logs are being stored.
Any help is appreciated.