My manager is starting out a Splunk project and is asking how expensive it would be to install and operate a Splunk-based system consisting of a Forwarder on premises and Splunk in the Cloud. The system is planned to analyze SQL Server logs from several dozen servers.
I would like to ask if there is a manual (or better, a "how-to" doc) describing what should be installed (and activated) on Windows 2008 R2 Server and how to send data to an instance of Splunk Cloud. And is it possible to have Splunk Cloud in Azure, since we don't have Linux admins at the moment and it will take time to allocate additional funds to hire them?
Splunk Cloud is currently hosted on Amazon, not on Azure, but as it is SaaS, you do not administer it, therefore you do not need Linux admins.
Also, a Windows forwarder can send logs to any type of indexer, even Windows event logs.
For log collection on Windows, here is the documentation for the Windows infrastructure app and the components that need to be deployed on the forwarders: http://docs.splunk.com/Documentation/MSApp
For SQL Server, I am not aware of any dedicated app, so you have to find the log location and monitor the logs.
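As an added example (not part of the answer above), this is what the "find the logs and monitor them" step typically looks like in a Universal Forwarder's local inputs.conf and props.conf on the Windows host. The ERRORLOG path, the index name and the sourcetype name are assumptions chosen for this example and must be matched to the actual SQL Server instance.

```ini
# --- inputs.conf (e.g. %SPLUNK_HOME%\etc\apps\sqlserver_inputs\local\inputs.conf) ---
# Assumed default-instance path for a SQL Server 2008 R2 install; adjust the
# MSSQL10_50.MSSQLSERVER folder to match the instance(s) on each server.
# The trailing wildcard also picks up rotated files (ERRORLOG.1, ERRORLOG.2, ...).
[monitor://C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Log\ERRORLOG*]
sourcetype = mssql:errorlog
index = sqlserver
disabled = 0

# SQL Server also writes startup errors and failed logins to the Windows
# Application event log; collecting it alongside ERRORLOG gives a second source
# for authentication failures even if the text log is rotated or unreadable.
[WinEventLog://Application]
index = sqlserver
disabled = 0

# --- props.conf (same app, local\props.conf) ---
# The ERRORLOG file on Windows is written as UTF-16; without CHARSET the events
# index as unreadable text and field extraction fails.
[mssql:errorlog]
CHARSET = UTF-16LE
```

The forwarder's outputs.conf pointing at Splunk Cloud is normally installed from the Universal Forwarder credentials package downloaded from the Splunk Cloud instance, so it is not hand-written here; the index named above has to be created in Splunk Cloud before data arrives.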