Hi,
I have added the following lines to the inputs.conf on the universal forwarder. But those events are not getting forwarded to Splunk. Any idea as to what I've done wrong here?
[WinEventLog://Microsoft-Exchange-HighAvailability/Operational]
disabled = 0
[WinEventLog://Microsoft-Exchange-ManagedAvailability/Monitoring]
disabled = 0
[WinEventLog://MSExchange Management]
disabled = 0
[WinEventLog://Microsoft-Exchange-MailboxDatabaseFailureItems/Operational]
disabled = 0
Regards,
Amal
... View more