We are trying to collect data from certain secure Windows systems, and the team has requested that we install "Splunk Universal Forwarder" with minimal permissions within a domain group (svcSplunkSecureWindows).
We are getting the error below:
splunk-winevtlog - WinEventLogChannel::subscribeToEvtChannel: Could not subscribe to Windows Event Log channel 'security'
The real question may not be a Splunk query one, but one for the Windows gurus out there:
- How do we grant a group read access to a particular Windows event log, so that the "svcSplunkSecureWindows" group can read it?