Threat Hunting trigger overview is full of 0

[javieru14]

Hi!

• I installed the splunkbase version.
• I have a server with Splunk and one PC with sysmon and universal forwarder

This is my C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf

[WinEventLog://Microsoft-Windows-Sysmon/Operational]
disabled = false
renderXml = 1
source = XmlWinEventLog:Microsoft-Windows-Sysmon/Operational
index = windows

[WinEventLog://System]
disabled = false
renderXml = 0
index = windows

[WinEventLog://Application]
disabled = false
renderXml = 0
index = windows

[WinEventLog://Security]
disabled = false
renderXml = 0
index = windows

[WinEventLog://Microsoft-Windows-PowerShell/Operational]
disabled = false
renderXml = 0
index = windows

[WinEventLog://Microsoft-Windows-Windows Firewall With Advanced Security/Firewall]
disabled = false
renderXml = 0
index = windows

• Is it okey???
• What is the inputs file that needs to be modified, C:\Program Files\SplunkUniversalForwarder\etc\system\local\inputs.conf or inputs.conf in sysmon app?