Hi i edited the inputs.cinfig file on my forwarder and once i restart splunk etc i see the data on search but it is not readeble. can anyone tell me what i am doing wrong?
[default]
host = xxxxxxx
[monitor://C:\Windows\System32\winevt\Logs\*]
disabled = false
index=xxxxxx
followTail = 0
sourcetype = sync
i have all the other data coming in fine.
Thanks,
![alt text][1]
[1]: /storage/temp/216658-sync-log3.png
↧
