https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287237#M54852 <P>You can install Splunk Heavy Forwarder on a windows machine, collect WMI data and forward them to your Splunk Indexers running on RedHat 6.</P> Mon, 11 Apr 2016 08:58:51 GMT gmerhej_splunk 2016-04-11T08:58:51Z https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287236#M54851 <P>Hi All,</P> <P>I need to collect the logs from a Windows machine into Splunk without installing any agent (universal forwarder). I just wanted to know how to achieve this in Splunk 6.3 running on RedHat 6.</P> <P>With ref: <A href="http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWMIdata?r=searchtip">http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWMIdata?r=searchtip</A></P> <P>It says need to install Splunk Enterprise on Windows, but I don't want to install the any software on the servers since my client doesn't want to. So please let me know steps to achieve this.</P> <P>Thanks!</P> Mon, 11 Apr 2016 08:54:38 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287236#M54851 kpavan 2016-04-11T08:54:38Z https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287237#M54852 <P>You can install Splunk Heavy Forwarder on a windows machine, collect WMI data and forward them to your Splunk Indexers running on RedHat 6.</P> Mon, 11 Apr 2016 08:58:51 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287237#M54852 gmerhej_splunk 2016-04-11T08:58:51Z https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287238#M54853 <P>can't we get without installing HF as well?</P> Mon, 11 Apr 2016 10:01:22 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287238#M54853 kpavan 2016-04-11T10:01:22Z https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287239#M54854 <P>You will need a Windows machine to collect WMI data.</P> <P>If your Splunk setup is non-Windows, you'll need a separate Windows instance running HF or UF. </P> <P>See the paragraph "Search Windows Data on a non-Windows Instance of Splunk Enterprise": <A href="http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/ConsiderationsfordecidinghowtomonitorWindowsdata#Polling_data_remotely_over_WMI.3F_Be_sure_to_read_this">http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/ConsiderationsfordecidinghowtomonitorWindowsdata#Polling_data_remotely_over_WMI.3F_Be_sure_to_read_this</A></P> <P>If you opt for a UF, you cannot configure the WMI from the web interface but you can do the same through the wmi.conf: <BR /> <A href="http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWMIdata">http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWMIdata</A></P> Mon, 11 Apr 2016 10:14:34 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287239#M54854 gmerhej_splunk 2016-04-11T10:14:34Z https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287240#M54855 <P>Thanks for your information!</P> Mon, 11 Apr 2016 10:21:45 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287240#M54855 kpavan 2016-04-11T10:21:45Z https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287241#M54856 <P>Hi kpavan,</P> <P>You could try doing this <BR /> <A href="https://code.google.com/archive/p/eventlog-to-syslog/">https://code.google.com/archive/p/eventlog-to-syslog/</A></P> <P>Hope it helps.</P> Mon, 11 Apr 2016 13:16:30 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-collect-Windows-event-logs-without-installing-a-universal/m-p/287241#M54856 alemarzu 2016-04-11T13:16:30Z