All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can we collect Windows event logs with the Splunk Add-on for Microsoft Windows, and forward that data to Linux indexers?

mghocke
Path Finder
‎10-20-2016 10:04 AM

Hi everybody,

Is it possible to use the Splunk Add-On for Microsoft Windows when the indexers and search heads are all running on Linux? We have a group of people who want to collect Windows logs and throw them into Splunk, but they are also asking if we can install the Windows add-on. I guess my first questions would be, do we need to install anything on the search heads and indexers to support the functionality offered by this add-on? Or would it be sufficient to install a universal forwarder on a Windows host and put the add-on there?

Any input on how to approach this would be great!

Thanks!

--- Michael

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jconger
Splunk Employee
Splunk Employee
‎10-20-2016 11:23 AM

There is no problem having a Windows host forward data to a Linux indexer. The Splunk Add-on for Microsoft Windows just collects data (perfmon, Windows event logs, scripted output, etc.) from Windows hosts. The Splunk App for Windows Infrastructure visualizes the data that is sent by the add-on (meaning the app does not collect data). Therefore, the Splunk App for Windows Infrastructure can be installed on Linux indexers and Search Heads as the app is platform independent.

View solution in original post

Reply
Solved! Jump to solution
Solution

jconger
Splunk Employee
Splunk Employee
‎10-20-2016 11:23 AM

There is no problem having a Windows host forward data to a Linux indexer. The Splunk Add-on for Microsoft Windows just collects data (perfmon, Windows event logs, scripted output, etc.) from Windows hosts. The Splunk App for Windows Infrastructure visualizes the data that is sent by the add-on (meaning the app does not collect data). Therefore, the Splunk App for Windows Infrastructure can be installed on Linux indexers and Search Heads as the app is platform independent.

Reply
Get Updates on the Splunk Community!

Blueprints for High-Maturity Operations: Splunk Lantern Articles on SOAR, ES 8.4, ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Simplifying the Analyst Experience with Finding-based Detections

    Splunk invites you to an engaging Tech Talk focused on streamlining security operations with ...

[Puzzles] Solve, Learn, Repeat: Word Search

This challenge was first posted on Slack #puzzles channelThis puzzle is based on a letter grid containing ...