Hi!
I have the Splunk Universal Forwarder installed on multiple Windows machines and connected to Splunk Enterprise configured both as receiver and deployment server.
I'd like to get the Application event logs from each Windows machine, but filtering some logs basing on the Server Class. From the Web UI, it seems that each Event Log is bound to a certain Server Class. Does it mean that only logs coming from that class are accepted?
Any suggestion?
Thanks
↧