Getting Data In

Setting up "Windows Host Information" gathering with universal forwarder?

Hudond
Path Finder

Good Morning

I wanted to ask if i could get some assistance/clarification on setting up the Windows Host Information gathering function in Splunk not just for local hosts but remote hosts also, via the universal forwarder.

I am trying to follow the following document but I am not clear on how to set things up with a remote server and the Universal forwarder:
Splunk® Enterprise - Getting Data In- Monitor Windows host information located here:

"https://docs.splunk.com/Documentation/Splunk/7.2.6/Data/MonitorWindowshostinformation"

In the section called Use Splunk Web to configure host monitoring subsection Select the input source

It describes choosing the Local Windows host monitoring option. I have performed the steps outlined and indeed I am getting information from my Splunk server but it is not entirely clear in the documentation on how to perform this on remote servers.

When going into Settings> data inputs> Forwarded Inputs (as opposed to local inputs) > Files and directories > New remote file and trying to setup a new data input there is no option to setup windows host information, it appears to be available under the local inputs only.

I am sure I am missing something but I am not sure what that step is?

Any guidance/information on how to set this up would be helpful

Thank you
Dan

0 Karma
1 Solution

anmolpatel
Builder

Install UF on the remote machine and install this Splunk TA.

https://splunkbase.splunk.com/app/742/

You will also need to install the TA on other Splunk components.

Note: If you're wanting to monitor a larger set of windows machines, the strategy will change.

View solution in original post

0 Karma

anmolpatel
Builder

Install UF on the remote machine and install this Splunk TA.

https://splunkbase.splunk.com/app/742/

You will also need to install the TA on other Splunk components.

Note: If you're wanting to monitor a larger set of windows machines, the strategy will change.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...