Hello,
I want to collect events in the Windows 2008 (R2) event logs -> "Application and Services Logs" -> "Microsoft" -> "Windows".
When I use the "add data" -> "windows event logs" in the Splunk GUI, I only see event logs in the first hierarchy level, like "system", "application", "powershell", "security" and so on.
Is there any additional configuration needed to collect the events that are shown under "Application and Services Logs"?
Do I need Snare or a forwarder?
Thank you
Regards
Marc