All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can we collect Windows event logs with the Splunk Add-on for Microsoft Windows, and forward that data to Linux indexers?

mghocke
Path Finder
‎10-20-2016 10:04 AM

Hi everybody,

Is it possible to use the Splunk Add-On for Microsoft Windows when the indexers and search heads are all running on Linux? We have a group of people who want to collect Windows logs and throw them into Splunk, but they are also asking if we can install the Windows add-on. I guess my first questions would be, do we need to install anything on the search heads and indexers to support the functionality offered by this add-on? Or would it be sufficient to install a universal forwarder on a Windows host and put the add-on there?

Any input on how to approach this would be great!

Thanks!

--- Michael

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jconger
Splunk Employee
Splunk Employee
‎10-20-2016 11:23 AM

There is no problem having a Windows host forward data to a Linux indexer. The Splunk Add-on for Microsoft Windows just collects data (perfmon, Windows event logs, scripted output, etc.) from Windows hosts. The Splunk App for Windows Infrastructure visualizes the data that is sent by the add-on (meaning the app does not collect data). Therefore, the Splunk App for Windows Infrastructure can be installed on Linux indexers and Search Heads as the app is platform independent.

View solution in original post

Reply
Solved! Jump to solution
Solution

jconger
Splunk Employee
Splunk Employee
‎10-20-2016 11:23 AM

There is no problem having a Windows host forward data to a Linux indexer. The Splunk Add-on for Microsoft Windows just collects data (perfmon, Windows event logs, scripted output, etc.) from Windows hosts. The Splunk App for Windows Infrastructure visualizes the data that is sent by the add-on (meaning the app does not collect data). Therefore, the Splunk App for Windows Infrastructure can be installed on Linux indexers and Search Heads as the app is platform independent.

Reply
Get Updates on the Splunk Community!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

We’ve discovered a bug that affected the auto-clear of Synthetic Detectors in the Splunk Synthetic Monitoring ...

Video | Tom’s Smartness Journey Continues

Remember Splunk Community member Tom Kopchak? If you caught the first episode of our Smartness interview ...