Splunk_TA_Windows renames the sourcetypes for the Windows logs.
WinEventLog:Security, for example, is renamed to wineventlog.
Security Essentials searches fail.
| metasearch earliest=-2h latest=now sourcetype="*WinEventLog:Security" index=* | head 100 | stats count
Is this planned on being fixed, or should I remove Splunk_TA_Windows to use Security Essentials?