Splunk_TA_Windows renames the sourcetypes for the Windows logs.
WinEventLog:Security, for example, is renamed to wineventlog.
Security Essentials searches fail.
| metasearch earliest=-2h latest=now sourcetype="*WinEventLog:Security" index=* | head 100 | stats count
Is this planned on being fixed, or should I remove Splunk_TA_Windows to use Security Essentials?
Ah ha! Thank you for the detailed question! I wasn't aware of this.
Yes, I'm nearing completion on SSE 2.2, and will have this fixed in that version. I'll post back here once I release it, but expect it no more than 2 weeks away, and I'll strive to have it done within 1 week.
Thank you for your response. I look forward to working with the new version and verifying the data.