Getting Data In

Central Windows logs pulling point

Path Finder

Hello all,

Before we switched over to Splunk we used Loglogic. In Loglogic it was possible to setup a central pulling point for the windows logs using Lasso. I've been reading the Splunk documentation and I haven't seen anything that would suggest that I can forward the logs unless I install the forwarder on each Windows host. We have quite a bit of Windows host so doing individual installs would be very time consuming. So I was wondering if anyone has figured out how to set up a central point for pulling logs instead of installing the forwarder on each host.

Thanks,
JS

0 Karma
1 Solution

Legend

My Loglogic knowledge is a bit rusty, but isn't Lasso the actual Loglogic agents that you deploy on systems? So that would be the equivalent to Splunk's Universal Forwarders?

Remote retrieval of event logs can be achieved by polling them via WMI. This method has its fair share of caveats so consider carefully whether you want to go down that path before you choose what to do. But, yes, Splunk can do this as well. Here goes. http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWMIdata

View solution in original post

Legend

My Loglogic knowledge is a bit rusty, but isn't Lasso the actual Loglogic agents that you deploy on systems? So that would be the equivalent to Splunk's Universal Forwarders?

Remote retrieval of event logs can be achieved by polling them via WMI. This method has its fair share of caveats so consider carefully whether you want to go down that path before you choose what to do. But, yes, Splunk can do this as well. Here goes. http://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWMIdata

View solution in original post

Path Finder

Thank You!

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!