Is anyone having trouble with evenitid add-on working with Splunk_TA_windows add-on?
The Windows logs are being parsed and in a nice readable format but eventid seems to be expecting something different than what is being parsed. I'm getting results that don't match what I believe eventid is expecting.
example:
On the EventSources dashboard the Event Sources panel returns nothing for Error - All - * in the imput fileds. But if do a manual search just based on Type I get the following types (`event_sources`| stats count by Type)
Computer
OperatingSystem
Processor
Roles
Site
SiteLink
Subnet
This clearly doesn't seem to be what eventid is looking for. Any ideas on what could be happening ?
↧