I am trying to get the Windows event logs on Windows hosts by installing a forwarder and Splunk_TA_windows on Windows machines.
Any help will be appreciated.
Thank you.
Hello @amulay26,
You need to install TA_Windows on the forwarder, indexer and search head, all three layers.
http://docs.splunk.com/Documentation/Splunk/7.1.3/Indexer/Indextimeversussearchtime (Field extraction)
Hey @amulay26,
Yes, you need to install Splunk_TA_Windows on your indexer. It doesn't depend on the OS of the indexer.
Refer to this link:
http://docs.splunk.com/Documentation/WindowsAddOn/5.0.0/User/Install
Let me know if this helps!!
@deepashri_123 is correct. I think the docs make it a bit confusing on this. The only reason the indexers would need to be Windows is if you were also ingesting locally on the indexers as well.