What are the benefits of Splunk for Windows technology add-on over Splunk for Windows?
Some customers asked us for Windows knowledge (eventtypes, fields, lookups, etc) and input (WinEvtLog, WMI, etc) packaged separately from the Splunk Web UI aspects. Often, this request was in order to facilitate use on forwarders or when the primary use case for Windows data is to correlate with other data sources in an app other than Splunk for Windows.
In terms of the knowledge layer, the Windows technology add-on does have a few benefits compared to the Splunk for Windows app. Besides more in depth descriptions and the addition of event code lookups, a key thing to note is that the Windows technology add-on is Common Information Model compliant, which facilitates use with CIM-compliant solutions such as Splunk Enterprise Security Suite and Splunk for PCI Compliance.
Some customers asked us for Windows knowledge (eventtypes, fields, lookups, etc) and input (WinEvtLog, WMI, etc) packaged separately from the Splunk Web UI aspects. Often, this request was in order to facilitate use on forwarders or when the primary use case for Windows data is to correlate with other data sources in an app other than Splunk for Windows.
In terms of the knowledge layer, the Windows technology add-on does have a few benefits compared to the Splunk for Windows app. Besides more in depth descriptions and the addition of event code lookups, a key thing to note is that the Windows technology add-on is Common Information Model compliant, which facilitates use with CIM-compliant solutions such as Splunk Enterprise Security Suite and Splunk for PCI Compliance.