Hi Splunkers,
I don't feel good about running a SIEM solution on Windows, but the customer absolutely wants it.
Any known bugs, or functions that will not work on Windows Server 2008 R2 or 2012?
Thanks for your help,
Benjamin
We are also running it on Windows; there are only advantages for us.
Easier to manage, monitor and it's more reliable for us.
PowerShell gives lots and lots of possibilities to extend ES.
Works flawlessly without any issues.
Great, thanks.
As far as I can see, the Splunk for Stream add-on will not work on Windows at the moment. ES has an add-on for Stream. Has anybody used this already?
Hey Benjamin,
You will see severely decreased performance for everything that's backed by Python, such as editing correlation searches, incident review, and the like. I've implemented some improvements and documented my woes here: http://answers.splunk.com/answers/185584/editing-notable-events-is-running-slow.html
On a very slow machine I've "improved" saving comments on a notable event from 25 to 18 seconds...
Good to know, thanks.