healthjae.blogg.se

Windows monitor

The following specialized inputs are available only on Windows installations:

Monitor Windows event log data with Splunk Cloud: Monitor events that the Windows Event Log service generates on any available event log channel on the machine. You can collect events on the local Windows machine or remotely by using either a universal forwarder or Windows Management Instrumentation (WMI).

Collect performance data on Windows machines with Splunk Cloud Platform and then alert or report on that data. Any performance counter that is available in Performance Monitor is also available to Splunk Cloud Platform. You can monitor performance locally or remotely through a universal forwarder, or by using WMI.

Monitor data through Windows Management Instrumentation (WMI): Splunk Cloud Platform can use WMI through a universal forwarder to access event log and performance data on remote machines.

You can monitor changes to the local Windows Registry using the Registry monitoring capability. You can use a universal forwarder to gather Registry data from Windows machines and send the data to Splunk Cloud Platform.

Splunk Cloud Platform can audit any changes to the Active Directory, including changes to user, group, machine, and group policy objects. You can forward Active Directory data to another Splunk Enterprise server.

A Splunk Cloud Platform deployment that monitors Windows data consists of the following components:

- The Splunk Cloud Platform instance, where you see the Windows data.
- Depending on the size of your Windows network, you might want to set up a tier of intermediate forwarders to aggregate and send the data to your Splunk Cloud Platform instance.
- Universal forwarders on every Windows machine from which you want to collect Windows data.

If you want to transform this data in any way before you index it, you must use at least one Splunk Enterprise heavy forwarder to perform the transformations. The universal forwarders on the Windows instances collect the Windows data.
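A sketch of how the Windows-only inputs described above could be enabled in the `inputs.conf` of a universal forwarder. This is an added example, not taken from the original page; the stanza labels after `://`, the intervals, and the Registry path are assumptions to adapt to your environment.

```ini
# inputs.conf on a Windows universal forwarder (added example).
# Stanza names after "://" are labels chosen for this sketch.

# Windows Event Log: collect the local Security channel.
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
renderXml = true

# Performance monitoring: total CPU utilisation every 10 seconds.
[perfmon://CPU]
disabled = 0
object = Processor
counters = % Processor Time
instances = _Total
interval = 10

# Registry monitoring: changes under the machine-wide Run key.
# hive and proc are regular expressions; this path is an assumed choice.
[WinRegMon://hklm-run]
disabled = 0
hive = \\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\.*
proc = .*
type = set|create|delete|rename
baseline = 0

# Active Directory monitoring: audit object changes in the whole subtree.
# With no targetDc or startingNode set, the input uses its defaults.
[admon://NearestDC]
disabled = 0
monitorSubtree = 1
baseline = 0
```

Remote collection over WMI is configured separately, in `wmi.conf`.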


You can bring any kind of Windows data into the Splunk platform. For example, you can index an Event Log channel, the Registry, or Active Directory. You also have available the standard set of Splunk inputs, such as files and directories, network monitoring inputs, and scripted inputs.

With Splunk Cloud Platform, as with many other input types, you must use either a universal or heavy forwarder that runs on Windows to collect data and send it to your Splunk Cloud Platform instance.

Splunk Enterprise comes with installers for several versions of Windows and Windows Server. If you run Splunk Enterprise, you can install it or the universal forwarder on your Windows machines directly.














