Hi: I've got Splunk for Symantec App installed, and the input.conf files pushed to the SEPM server with the Splunk Universal Forwarder forwarding the SEPM logs to Splunk with the default input.conf. I also set up SEPM (12) to 'Export Logs to a Dump File', with all of the options set on 'Log Filter'.
I can see that Splunk has data from some of the data sources (sep12:agent and sep12:system), but when I go to the Splunk for Symantec App, the dashboard is blank, as are any of the reports that are built in. Have I done something wrong that is causing Splunk to not index the log files properly?
SEPM 12.1.1101.401 Server 2003 (x86) Standard SP2
Thanks for any assistance you could provide.