How to install and configure a Windows forwarder o...

artemf · ‎06-25-2015

Hi,

The manager of mine isstarting out a Splunk project and is asking how expensive would it be to install and operate Splunk-based system consisting of a Forwarder on premises and Splunk in a Cloud? The system is planned to analyze SQL Server logs from several dozens of servers.

I would like to ask if there is a manual (or better "how-to" doc) describing what should be installed (and activated) on Windows 2008R2 Server and how to send data to an instance of Splunk Cloud? And if it's possible to have Splunk Cloud in Azure since we don't have Linux admins at the moment and it will take to allocate additional funds for hire them.

Thank you in advance,
Artem.

yannK · ‎09-11-2015

Splunk cloud is currently hosted on Amazon not on Azure, but as it is a SAS, you do not administrate it, therefore you do not need linux admins.
Also a windows forwarder can send logs to any type of indexers, event windows logs.

For the log collection on windows, here is the documentation for the windows infrastructure app, and the components that need to be deployed on the forwarders.
http://docs.splunk.com/Documentation/MSApp
for the SQL server, I am not aware of any dedicated app, so you have to find the logs location and monitor them.

How to install and configure a Windows forwarder on premises and use Splunk Cloud to analyze SQL Server logs?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases