I'm new to Splunk, and trying it out in a small environment of Windows 8 machines.
I have a Splunk frontend (collector?) running on Ubuntu, with a few Windows 8 clients.
I've deployed the Universal Forwarder via GPO to Windows 8 test machines.
I installed the Splunk for Windows app on the Ubuntu collector (I see a cool Windows GUI on the :8000 interface now).
I've put the Splunk_TA_Windows app into the deployment_apps folder, and assigned it to the clients.
Now the UI shows the apps are deployed (in the Forwarder Management panel), and clients are "Phoning Home" (cool!). However, I don't see any data being collected.
When I click on the "App: Windows" area in the :8000 GUI, I don't see any events. Zero hosts, zero log names, etc.
Any thoughts on how to debug this?