https://community.splunk.com/t5/Splunk-Search/Export-Windows-Event-LOG/m-p/544068#M154114 <P>Start by telling your Security people that you'll be using Splunk to monitor WinEventLog:Security, which will *enhance* the security of those servers.&nbsp; They probably won't care, but at least then you'll know what hypocrites they are.</P><P>Another possibility is to forward the Windows events to another server that can run a UF.&nbsp; See&nbsp;<A href="https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection" target="_blank">https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection</A>&nbsp;for more about event forwarding.</P><P>Still another possibility that I've never seen done is to forward the Windows events in HTTP protocol directly to a HEC input.&nbsp; See the same link above.</P> Tue, 16 Mar 2021 19:43:48 GMT richgalloway 2021-03-16T19:43:48Z https://community.splunk.com/t5/Splunk-Search/Export-Windows-Event-LOG/m-p/544062#M154112 <P>Hi,<BR />I need to import the security and application logs of many windows servers to splunk, but for security reasons I cannot install a splunk universal forwarder instance, I read on the splunk documentation that it is not recommended to use wmi to import the logs .. .<BR />What do you recommend?</P><P>thanks!</P> Tue, 16 Mar 2021 19:29:33 GMT https://community.splunk.com/t5/Splunk-Search/Export-Windows-Event-LOG/m-p/544062#M154112 robertocapizzo9 2021-03-16T19:29:33Z https://community.splunk.com/t5/Splunk-Search/Export-Windows-Event-LOG/m-p/544068#M154114 <P>Start by telling your Security people that you'll be using Splunk to monitor WinEventLog:Security, which will *enhance* the security of those servers.&nbsp; They probably won't care, but at least then you'll know what hypocrites they are.</P><P>Another possibility is to forward the Windows events to another server that can run a UF.&nbsp; See&nbsp;<A href="https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection" target="_blank">https://docs.microsoft.com/en-us/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection</A>&nbsp;for more about event forwarding.</P><P>Still another possibility that I've never seen done is to forward the Windows events in HTTP protocol directly to a HEC input.&nbsp; See the same link above.</P> Tue, 16 Mar 2021 19:43:48 GMT https://community.splunk.com/t5/Splunk-Search/Export-Windows-Event-LOG/m-p/544068#M154114 richgalloway 2021-03-16T19:43:48Z