Getting Data In

How to collect Windows event logs without installing a universal forwarder?

kpavan
Path Finder

Hi All,

I need to collect the logs from a Windows machine into Splunk without installing any agent (universal forwarder). I just wanted to know how to achieve this in Splunk 6.3 running on RedHat 6.

With ref: http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWMIdata?r=searchtip

It says need to install Splunk Enterprise on Windows, but I don't want to install the any software on the servers since my client doesn't want to. So please let me know steps to achieve this.

Thanks!

0 Karma

alemarzu
Motivator

Hi kpavan,

You could try doing this
https://code.google.com/archive/p/eventlog-to-syslog/

Hope it helps.

0 Karma

gmerhej_splunk
Splunk Employee
Splunk Employee

You can install Splunk Heavy Forwarder on a windows machine, collect WMI data and forward them to your Splunk Indexers running on RedHat 6.

kpavan
Path Finder

can't we get without installing HF as well?

0 Karma

gmerhej_splunk
Splunk Employee
Splunk Employee

You will need a Windows machine to collect WMI data.

If your Splunk setup is non-Windows, you'll need a separate Windows instance running HF or UF.

See the paragraph "Search Windows Data on a non-Windows Instance of Splunk Enterprise": http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/ConsiderationsfordecidinghowtomonitorWindowsd...

If you opt for a UF, you cannot configure the WMI from the web interface but you can do the same through the wmi.conf:
http://docs.splunk.com/Documentation/Splunk/6.4.0/Data/MonitorWMIdata

kpavan
Path Finder

Thanks for your information!

0 Karma
Get Updates on the Splunk Community!

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...

Admin Your Splunk Cloud, Your Way

Join us to maximize different techniques to best tune Splunk Cloud. In this Tech Enablement, you will get ...

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

Overview Transport Layer Security (TLS) is a security communications protocol that lets two computers, ...