Updating this for end of 2019: I agree if you want to install a UF on all Windows systems. I wanted to call attention to the syslog-ng Windows Event Forwarder service (WEF) that establishes a publisher/subscriber relationship with Windows servers so that it collects logs with no agent installed on the Windows side. This has been out for about a year and I have tested it through a load balancer to provide fail-over and scalability (although updates now make even this optional, as most of those features are built in).
https://www.syslog-ng.com/community/b/blog/posts/how-to-collect-windows-event-logs-with-syslog-ng-without-installing-an-agent
From the syslog-ng system, you can then use the HTTP Event Collector (HEC) destination to natively send to Splunk. I like both tools, but I see them fitting in different spaces: syslog-ng for collection, parsing and log routing, and Splunk as an excellent search tool.
https://www.splunk.com/en_us/blog/tips-and-tricks/syslog-ng-and-hec-scalable-aggregated-data-collection-in-splunk.html
https://www.syslog-ng.com/community/b/blog/posts/splunk-hec-sending-logs-using-program-destination-syslog-ng
Best,
Jim
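The pipeline described in this reply (agentless Windows events arriving at syslog-ng, parsed and forwarded to Splunk over HEC), as an added syslog-ng configuration example that is not part of the original post or of either vendor's documentation. The listening port, the `.wef.` field prefix, the Splunk hostname, the CA directory and the HEC token are all assumptions or placeholders; the JSON-over-TCP transport from the WEF service is also assumed and should be checked against your deployment.

```conf
@version: 3.25
@include "scl.conf"

# Assumption: the syslog-ng Windows Event Forwarder service delivers events
# to this host as JSON over TCP/514. no-parse keeps the raw payload in $MSG.
source s_wef {
    network(ip("0.0.0.0") port(514) transport("tcp") flags(no-parse));
};

# Parse the JSON event into name-value pairs under the (assumed) .wef. prefix
# so individual Windows fields are addressable in templates and filters.
parser p_wef_json {
    json-parser(prefix(".wef."));
};

# Splunk HEC destination. The hostname, CA directory and token are
# placeholders; require a trusted peer certificate so the token is never
# sent to an unverified endpoint.
destination d_splunk_hec {
    http(
        url("https://splunk.example.com:8088/services/collector/event")
        method("POST")
        headers("Authorization: Splunk HEC-TOKEN-PLACEHOLDER")
        tls(peer-verify(required-trusted) ca-dir("/etc/syslog-ng/ca.d"))
        # HEC event envelope: time/host/source/sourcetype plus the parsed
        # Windows fields as the nested "event" object.
        body('{"time":"$UNIXTIME","host":"$HOST","source":"syslog-ng-wef","sourcetype":"_json","event":$(format-json --subkeys .wef.)}')
        batch-lines(100)
        batch-timeout(2000)
        persist-name("splunk-hec-wef")
    );
};

log {
    source(s_wef);
    parser(p_wef_json);
    destination(d_splunk_hec);
};
```

Validate with `syslog-ng --syntax-only -f <file>` before reloading; if the WEF service in your environment emits a different format, adjust the parser stage rather than the destination.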