Universal Forwarder installed on a Windows server using all default settings.
Where can I find the stanza that has the types of events it is logging so that I can validate it received th
No one stanza has that information. The best way, IMO, to see what a UF is sending to the indexers is use btool. On the server running the UF, run this CLI command:
C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe btool -debug inputs list
You will need the admin credentials you defined when you installed the forwarder. It will then spit out a list of all of its input stanzas and associated settings.
View solution in original post
Open cmd line and navigate to %SPLUNK_HOME%\bin in Windows and execute the following command to find the input stanzas being configured by default.
splunk btool inputs list
An upvote would be appreciated and accept solution if it helps!