Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How do I configure Windows server to send event log my splunk indexer installed in Linux?

tomero2011
Engager
‎01-24-2012 12:56 PM

Hi Splunkers,

I am very new to Splunk and would like to monitor Windows servers, how do I configure the Windows boxes to send their event data over to Splunk indexer? The indexer is installed in a Linux environment. Installing a Splunk forwarder on each Windows box does not seam to be a good option at my place.

Thank you for your advice.

Tags (1)
Reply

Ayn
Legend
‎01-24-2012 12:59 PM

Do you have a specific reason for thinking that it's not a good option to install a forwarder on each Windows server? This is exactly what I would do. The docs have good information on this subject, this is a good start: http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutWindowsdataandSplunk

EDIT: Oh, and this is even more excellent, covers exactly what you're asking about! http://docs.splunk.com/Documentation/Splunk/4.3/Data/ConsiderationsfordecidinghowtomonitorWindowsdat...

Reply

sloshburch
Splunk Employee
Splunk Employee
‎05-02-2019 05:46 AM

An updated link that furthers @ayn's point:
What are the best practices for installing Splunk on Windows endpoints?

0 Karma
Reply
Get Updates on the Splunk Community!

Data Preparation Made Easy: SPL2 for Edge Processor

By now, you may have heard the exciting news that Edge Processor, the easy-to-use Splunk data preparation tool ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Tips & Tricks When Using Ingest Actions

Tune in to learn about:Large scale architecture when using Ingest ActionsRegEx performance considerations ...