Solved: Protocols for Windows add on

tmcbride17 · ‎12-19-2024

What protocols does the Windows Add on use to collect data and sent it to the Splunk server? HTTPS?

gcusello · ‎12-19-2024

Hi @tmcbride17 ,

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

View solution in original post

tmcbride17 · ‎12-19-2024

Thanks for the quick response!

gcusello · ‎12-19-2024

Hi @tmcbride17 ,

let me know if I can help you more, or, please, accept one answer for the other people of Community.

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

gcusello · ‎12-19-2024

Hi @tmcbride17 ,

the correct question is what's the protocol that uses Splunk Universal Forwarder to forward logs to the Indexers?

An add-on is a configuration on the UF.

To send logs, the UF usually uses TCP http or https, it depends if TLS is enabled or not and by default it uses the 9997 port but it can also use HEC, that's less efficient than the other.

Forwarders are managed by the Deployment Server using TCP https on port 8089.

Ciao.

Giuseppe

Protocols for Windows add on

configuration

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...