Hi @Gregski11 , I don't know your infrastructure, but a Windows DS can be used without issues if you have to manage only Windows servers, if you want to manage Linux servers, using a Windows DS you lose the grants configurations so you cannot use scripts inputs. Anyway, all the Splunk servers should directly send their logs to the Indexers (also DS) and you can do this by GUI in [Settings > Forwarding and Receiving > Forwarding], setting up the destination Indexers. If you are using to deploy an outputs.conf to your managed servers, you can use it (uploading) without making a manual configuration (I prefer this solution, than manually manage!). You don't need to access conf files if you send clear text logs, if you are using a certificate (even if Splunk auto generated)), you need to manually modify a conf file. About how to configure inputs, I don't like to use the Settings > Inputs feature, because you need to manually manage it, it's better to use the same Splunk_TA_Windows that you deployed to the Windows Servers, and you can manually upload it, without accessing the CMD environment. Ciao. Giuseppe
... View more