Hello,
I have a client with a Windows 2008r2 server running a universal forwarder and set to forward Windows Event, Application, and Security logs to a heavy forwarder. From there the client is using SplunkCloud.
In SplunkCloud, I can see the machine connecting, but it doesn't seem to be sending any information.
I can see the following information:
***08-23-2016 01:24:27.191 +0000 INFO Metrics - group=per_host_thruput, series="Machine_Name", kbps=0.031723, eps=0.387102, kb=0.983398, ev=12, avg_age=0.916667, max_age=1
host = idx1.client.splunkcloud.com source = /opt/splunk/var/log/splunk/metrics.log sourcetype = splunkd***
The client does not believe it is a GPO problem.
I do not have direct access to the machine, but I will be asking the client for the input.conf and output.conf files tomorrow.
Can someone point me in the right direction for solving this problem?
Thanks,