@splunksundar Splunk does not provide Windows images (as far as I know).
I am the original author of the Splunk Docker images (ex-Splunker). Our company (https://www.outcoldsolutions.com) provides tools for monitoring Docker, Kubernetes, and OpenShift clusters in Splunk, and also consulting on topics related to Splunk + Docker/Kubernetes/OpenShift. I researched images for Windows a while ago, but because there was no need for them, I have not continued that. Feel free to send me an email at email@example.com; possibly I will be able to help you with getting these images for Windows.
@splunksundar sorry, I am a little bit confused by your question. You cannot run Linux containers on Windows Containers, and most of the software built for collecting metrics from Linux will not work for Windows, because of the OS differences. And we do not currently provide our containers for Windows, because of that. Depending on demand, we probably will at some point, but not right now.
I would suggest just trying to install the Splunk UF directly on the Windows host where you are going to run containers, with the Splunk Add-on for Microsoft Windows (https://splunkbase.splunk.com/app/742/). Considering that all processes (including the ones from containers) will run on the same kernel (if you aren't going to run them as Hyper-V containers), you should get all the information in Splunk.
Linux indexers and forwarders are capable of receiving logs forwarded by Windows machines already, so I can't imagine a scenario where that wouldn't be sufficient for you.
If you have a Windows container already, you should be able to install the Splunk Universal Forwarder inside it without issue. Splunk makes life easy when it comes to installing their product, as there are no external dependencies; they package all the libraries and executables needed in the installer you download from Splunk.
Installing the UF as part of your image should be pretty trivial. With the right pared-down config, it could be pretty efficient as well, while retaining flexibility to expand capabilities, like running a script or sniffing traffic.
I am thinking that WEF might be an option as well, if installing the UF turns out to be undesirable, or if you want to try and avoid any installs of packages in the container beyond whatever it's already doing. Then you could look at running a single WEC with a UF installed.
Generally I'd say the UF is the better option.
Otherwise, I'd assume there will eventually be some Azure flavor of integration that might be able to leverage other services/features.