I am looking to configure the Anomalous System Uptime report within the PCI app. As per the manual: "Relevant data sources for this report include uptime data extracted through scripts from Windows, Unix, or other hosts." Is then the Splunk_TA_windows pre-configured to pull the SystemUpTime? I cannot seem to find anything related to system uptime within the Windows logs; I tried looking at the data by doing sourcetype=Win*.
What does "data extracted through scripts" mean? Is this something that the Splunk Admin has to pull via Scripted Inputs?
Thanks rich! Actually, what I was looking for was more along the lines of Scripted Inputs. By going to WMI.conf we were able to enable the call that brings back the SystemUpTime and light up one of the dashboards of the PCI App.
Your comment sounds like you solved the problem on your own.
If that is the case, why don't you convert your comment above to an answer, add a bit more detail to make it easier for others with this problem to follow along, then mark your answer as The One True Answer? It is OK to do that when it's appropriate and it'll help people in the future!