I've installed a universal forwarder on a Windows Domain Controller and configured on the Splunk server end I enabled receiving, but I got the following error once in messages
Received event for unconfigured/disabled/deleted index='wineventlog' with source='source::WinEventLog:Application' host='host::cc-dc5' sourcetype='sourcetype::WinEventLog:Application' (1 missing total)
I can't even find the host on the Splunk server when searching. Please help. I'm new to this.
Thank you,
... View more