All Apps and Add-ons
Highlighted

Can we collect Windows event logs with the Splunk Add-on for Microsoft Windows, and forward that data to Linux indexers?

Path Finder

Hi everybody,

Is it possible to use the Splunk Add-On for Microsoft Windows when the indexers and search heads are all running on Linux? We have a group of people who want to collect Windows logs and throw them into Splunk, but they are also asking if we can install the Windows add-on. I guess my first questions would be, do we need to install anything on the search heads and indexers to support the functionality offered by this add-on? Or would it be sufficient to install a universal forwarder on a Windows host and put the add-on there?

Any input on how to approach this would be great!

Thanks!

--- Michael

0 Karma
Highlighted

Re: Can we collect Windows event logs with the Splunk Add-on for Microsoft Windows, and forward that data to Linux indexers?

Splunk Employee
Splunk Employee

There is no problem having a Windows host forward data to a Linux indexer. The Splunk Add-on for Microsoft Windows just collects data (perfmon, Windows event logs, scripted output, etc.) from Windows hosts. The Splunk App for Windows Infrastructure visualizes the data that is sent by the add-on (meaning the app does not collect data). Therefore, the Splunk App for Windows Infrastructure can be installed on Linux indexers and Search Heads as the app is platform independent.

View solution in original post