I am trying to get the windows events logs on Windows hosts by installing a forwarder and SplunkTAwindows on windows machines.
Any help will be appreciated.
Yes you need to install SplunkTAWindows on your indexer . It doesn't depend on the OS of the indexer.
Refer this link:
Let me know if this helps!!
@deepashri_123 is correct. I think the docs make it a bit confusing on this. The only reason the indexers would need to be Windows, is if you were also ingesting locally on the indexers as well.
You need to install TA_Windows on forwarder, indexer and search head all three layer.