Hi @sahiltcs, as I said, if you don't have specific restrictions on agent use, I always suggest using the Universal Forwarder, which is not very intrusive, consumes few system resources and, at the same time, gives you many useful features (log cache, packet compression, packet optimization, etc.).

About syslog, are you speaking of receiving syslog on a Windows machine or sending syslog from a Windows machine? If you're speaking of receiving syslog, you can use a syslog receiver or Splunk, which has a syslog receiver embedded. If you're speaking of sending syslog from a Windows machine, I'm not an expert, but I'm not sure that's possible, and anyway it's better to use a UF.

About HEC, I used this way only to receive logs from applications, and anyway UF is always the best solution.

Lastly, if you're speaking of using Windows as the operating system for the Splunk server, I always prefer Linux systems: I don't have any production Splunk architecture based on Windows Server, with only one exception, but it's very small and we're thinking of replacing it.

Ciao.
Giuseppe

PS: Karma Points are appreciated 😉
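For readers comparing the three options named in the reply above (Universal Forwarder, an embedded syslog receiver, HEC), here is an added configuration example; it is not part of the original post or of Splunk's shipped defaults. The stanza names and attributes (`WinEventLog://`, `tcpout`, `splunktcp://`, `udp://`, `http`) are Splunk's own `inputs.conf`/`outputs.conf` syntax; the hostnames, index names and the HEC token are placeholders you would replace. The file each section belongs to is given in the leading comment.

```ini
# --- Windows host, Universal Forwarder: %SPLUNK_HOME%\etc\system\local\inputs.conf ---
# Collect the three standard Windows Event Log channels with the UF agent.
[WinEventLog://Security]
disabled = 0
index = wineventlog          ; placeholder index name

[WinEventLog://System]
disabled = 0
index = wineventlog

[WinEventLog://Application]
disabled = 0
index = wineventlog

# --- Windows host, Universal Forwarder: %SPLUNK_HOME%\etc\system\local\outputs.conf ---
# Forward to the indexers with compression, indexer acknowledgement and a local
# output queue (the "log cache" and "packet compression" features mentioned above).
[tcpout]
defaultGroup = idx_group
maxQueueSize = 500MB         ; events buffered locally if the indexers are unreachable

[tcpout:idx_group]
server = idx1.example.internal:9997, idx2.example.internal:9997   ; placeholder hosts
useACK = true                ; wait for the indexer to acknowledge before dropping from the queue
compressed = true            ; must match "compressed" on the indexer's splunktcp input

# --- Indexer (Linux): $SPLUNK_HOME/etc/system/local/inputs.conf ---
# 1) Receive UF traffic; "compressed" has to agree with outputs.conf on the forwarders.
[splunktcp://9997]
disabled = 0
compressed = true

# 2) Splunk's embedded syslog receiver, for devices that can only speak syslog.
#    Binding UDP/514 on Linux needs root or CAP_NET_BIND_SERVICE; a high port such
#    as udp://5514 avoids that. UDP gives no delivery guarantee; use tcp://514 where
#    the sender supports it.
[udp://514]
sourcetype = syslog
connection_host = ip         ; set host to the sender's IP address
index = syslog               ; placeholder index name

# 3) HTTP Event Collector, for applications that POST JSON events directly.
[http]
disabled = 0
port = 8088
enableSSL = 1                ; keep TLS on; the token is a bearer credential

[http://app_ingest]
token = 00000000-0000-0000-0000-000000000000   ; placeholder, generate a real one in Splunk
index = app                  ; placeholder index name
sourcetype = app:json
```

Two practical checks after deploying this: confirm `compressed` is set the same on both ends (a mismatch shows up as the forwarder connecting and immediately disconnecting), and treat the HEC token like a password, since anyone holding it can write events into the `app` index over port 8088.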