topic Are there limitations for a Splunk Indexer on Linux indexing imported Windows Event Logs? in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Are-there-limitations-for-a-Splunk-Indexer-on-Linux-indexing/m-p/303641#M57328 <P>I referenced a prior question on this regarding Linux Splunk server and Windows Event Logs: <A href="https://answers.splunk.com/answers/60343/linux-splunk-server-and-windows-event-logs.html">https://answers.splunk.com/answers/60343/linux-splunk-server-and-windows-event-logs.html</A></P> <P>But this is more than 4 years old and I am hoping there might be a new app out there. </P> <P>In addition to native network monitoring through forwarders, we expect to receive Windows event logs in the native format (.evtx) on DVD. My indexer is on a Centos box. Do I still have to go through the "wevtutil" command to convert to XML, or is there a Splunk app that will allow me to ingest those native event logs directly?</P> Tue, 14 Feb 2017 20:30:57 GMT thomas_porter 2017-02-14T20:30:57Z Are there limitations for a Splunk Indexer on Linux indexing imported Windows Event Logs? https://community.splunk.com/t5/Getting-Data-In/Are-there-limitations-for-a-Splunk-Indexer-on-Linux-indexing/m-p/303641#M57328 <P>I referenced a prior question on this regarding Linux Splunk server and Windows Event Logs: <A href="https://answers.splunk.com/answers/60343/linux-splunk-server-and-windows-event-logs.html">https://answers.splunk.com/answers/60343/linux-splunk-server-and-windows-event-logs.html</A></P> <P>But this is more than 4 years old and I am hoping there might be a new app out there. </P> <P>In addition to native network monitoring through forwarders, we expect to receive Windows event logs in the native format (.evtx) on DVD. My indexer is on a Centos box. Do I still have to go through the "wevtutil" command to convert to XML, or is there a Splunk app that will allow me to ingest those native event logs directly?</P> Tue, 14 Feb 2017 20:30:57 GMT https://community.splunk.com/t5/Getting-Data-In/Are-there-limitations-for-a-Splunk-Indexer-on-Linux-indexing/m-p/303641#M57328 thomas_porter 2017-02-14T20:30:57Z Re: Are there limitations for a Splunk Indexer on Linux indexing imported Windows Event Logs? https://community.splunk.com/t5/Getting-Data-In/Are-there-limitations-for-a-Splunk-Indexer-on-Linux-indexing/m-p/303642#M57329 <P>HI,</P> <P>No that was an old threat i just finished a project using this environment and everything is good, as a charm. So dont worry, all you will need is Splunk universal forwarders on windows machines.</P> <P><STRONG>Melvin Gonzalez</STRONG><BR /> Security Consultant</P> Thu, 16 Mar 2017 20:31:18 GMT https://community.splunk.com/t5/Getting-Data-In/Are-there-limitations-for-a-Splunk-Indexer-on-Linux-indexing/m-p/303642#M57329 mgnzlz 2017-03-16T20:31:18Z