Hi,
Is it possible to monitor Windows event log via WMI to splunk instead of using Universal Forwarder?
If yes, how can I configure this communication?
Thanks.
You can use WMI to pull the EventLog from a remote computer, but you still have to install the Windows Splunk component which will be doing the pulling (UF or HF) somewhere.
There are several methods of collecting windows EventLogs.
The easiest and most straightforward way is to install a UF on a monitored server and pull events directly from the local eventlog. But it might create issues of scalability, and Windows admins might not be thrilled if you want to install third-party tools on domain controllers or other important servers.
Another relatively well working idea is to use Windows Event Forwarding (easy to set up in a domain environment; it can also be configured in a domainless setup, but then it gets complicated, though it is still possible) and pull Windows events from a central eventlog collector. I use it quite a lot. Be aware of possible performance issues as you scale horizontally too far.
WMI can be used to pull from remote computers, but that's generally a last resort solution. Performance is not very good, you _must_ run the UF with a domain account (which implies that it can only be used in a domain environment), and there are often issues with permissions/privileges, so it might be tricky to set up unless you have a very good Windows admin team.
The solution which can be used but honestly speaking should never even be considered is using a third-party forwarder (typically a syslog one like Kiwi, SolarWinds or NXLog). This way you might relatively easily get your logs, and syslog is easy to receive, but the events you get this way will be horribly mangled and not suitable for typical Splunk-side processing (meaning they will not be understandable by TA-windows).
Thank you @PickleRick
Thank you @gcusello
Hi @splk_user ,
good for you, see next time!
Ciao and happy splunking
Giuseppe
P.S.: Karma Points are appreciated by all the contributors 😉
I was reading this reply and I currently need to set this up, from your post:
==============
Another relatively well working idea is to use Windows Event Forwarding (easy to set up in a domain environment; it can also be configured in a domainless setup, but then it gets complicated, though it is still possible) and pull Windows events from a central eventlog collector. I use it quite a lot. Be aware of possible performance issues as you scale horizontally too far.
===========
Do you have any guide/link which explains this step by step: how to set up WEF on two servers?
Hi @splk_user,
yes, it's possible, even if I try to avoid using WMI because you must use a domain user to access the remote systems.
In addition, a Universal Forwarder gives you many additional features like local caching, packet compression, bandwidth optimization, etc.
Anyway, here you can find the procedure to configure a WMI input: https://docs.splunk.com/Documentation/Splunk/9.0.5/Data/MonitorWMIdata
Ciao.
Giuseppe
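As an added illustration of the WMI input that the linked procedure configures (this is an example written for this thread, not Giuseppe's or Splunk's own configuration), here is a wmi.conf on the forwarder that does the remote pulling; the hostnames and the index name are placeholders, and the service account requirement is the one the replies above describe:

```ini
# wmi.conf on the UF/HF that pulls event logs over WMI.
# The Splunk Windows service on this host must run as a domain account
# that is allowed to read the event logs of every server listed below;
# a local system account cannot authenticate to the remote machines.

[settings]
# Back off (seconds) when a remote host stops answering instead of
# retrying it continuously; tune these before scaling to many servers.
initial_backoff = 5
max_backoff = 20
max_retries_at_max_backoff = 2

# One stanza per group of servers that share the same logs and interval.
# "DC01"/"DC02" and the index "wineventlog" are constructed placeholders.
[WMI:DC_SecurityLogs]
server = DC01, DC02
interval = 10
event_log_file = Security
index = wineventlog
disabled = 0

[WMI:MemberServers_AppSys]
server = APP01, APP02
interval = 30
event_log_file = Application, System
index = wineventlog
disabled = 0
```

After a restart, a gap in events from one server usually means the service account lacks rights on that host rather than a Splunk-side problem, which is the permissions trap mentioned earlier in the thread.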