Hello,
I've changed some whitelist parameters in the inputs.conf file to index Windows security event logs; however, I'm seeing the error:
message from "C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe" splunk-winevtlog - WinEventMon::processLogChannel: Failed to checkpoint for channel='security'
What is the problem?
Thanks!
I think I fixed it, stopped the service for a few seconds and started it again. Thanks!
Does your forwarder run as a different user other than system? If so, you may have a permission issue. Otherwise, post an input stanza.