I wanted to ask if i could get some assistance/clarification on setting up the Windows Host Information gathering function in Splunk not just for local hosts but remote hosts also, via the universal forwarder.
I am trying to follow the following document but I am not clear on how to set things up with a remote server and the Universal forwarder:
Splunk® Enterprise - Getting Data In- Monitor Windows host information located here:
In the section called Use Splunk Web to configure host monitoring subsection Select the input source
It describes choosing the Local Windows host monitoring option. I have performed the steps outlined and indeed I am getting information from my Splunk server but it is not entirely clear in the documentation on how to perform this on remote servers.
When going into Settings> data inputs> Forwarded Inputs (as opposed to local inputs) > Files and directories > New remote file and trying to setup a new data input there is no option to setup windows host information, it appears to be available under the local inputs only.
I am sure I am missing something but I am not sure what that step is?
Any guidance/information on how to set this up would be helpful