Hi All,
I need to collect the logs from a Windows machine into Splunk without installing any agent (universal forwarder). I just wanted to know how to achieve this in Splunk 6.3 running on RedHat 6.
With ref: http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWMIdata?r=searchtip
It says need to install Splunk Enterprise on Windows, but I don't want to install the any software on the servers since my client doesn't want to. So please let me know steps to achieve this.
Thanks!
Hi kpavan,
You could try doing this
https://code.google.com/archive/p/eventlog-to-syslog/
Hope it helps.
You can install Splunk Heavy Forwarder on a windows machine, collect WMI data and forward them to your Splunk Indexers running on RedHat 6.
can't we get without installing HF as well?
You will need a Windows machine to collect WMI data.
If your Splunk setup is non-Windows, you'll need a separate Windows instance running HF or UF.
See the paragraph "Search Windows Data on a non-Windows Instance of Splunk Enterprise": http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/ConsiderationsfordecidinghowtomonitorWindowsd...
If you opt for a UF, you cannot configure the WMI from the web interface but you can do the same through the wmi.conf:
http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWMIdata
Thanks for your information!