Exploring Windows inputs
The input types that we have gone through so far are neither technology- nor OS-specific. Windows inputs, as the name suggests, work only on Windows hosts. The host requires at least a UF or a Splunk Enterprise instance to collect Windows-specific logs. Windows natively stores its logs in a binary format, and the Windows inputs interact with the OS APIs to retrieve these logs.
When installing a UF on Windows hosts, you are given the option to enable Windows inputs. With a Splunk Enterprise instance, Windows inputs can be configured through Splunk Web via Settings | Data Inputs and then choosing Local event log collection and Remote event log collection. Remote event log collection requires a Windows domain account for log collection from remote hosts.
In a large-scale Windows host environment with UFs already configured, use a deployment server to centrally manage inputs. Create and configure inputs.conf within the app. Deploy the app to the forwarders...
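As an added illustration of the deployment-server approach (example configuration, not from the book or from Splunk's own files): an app containing an inputs.conf with Windows event log stanzas, and the serverclass.conf stanza that pushes it to the forwarders. The app name win_eventlog_inputs, the index wineventlog and the win-* hostname pattern are assumed placeholders.

```ini
# Assumed layout on the deployment server (example added here, not from the book):
#   $SPLUNK_HOME/etc/deployment-apps/win_eventlog_inputs/local/inputs.conf
#   $SPLUNK_HOME/etc/system/local/serverclass.conf
# The app name, index name and hostname pattern below are placeholders.

# ---- deployment-apps/win_eventlog_inputs/local/inputs.conf ----
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index = wineventlog
# Collect only the logon and account-management events most useful for
# detection (4624 logon, 4625 failed logon, 4672 special privileges assigned,
# 4720 user created, 4728/4732 group membership changes); this keeps event
# volume and license usage down compared with ingesting the whole channel.
whitelist = 4624,4625,4672,4720,4728,4732
renderXml = true

[WinEventLog://System]
disabled = 0
start_from = oldest
current_only = 0
index = wineventlog

[WinEventLog://Application]
disabled = 0
start_from = oldest
current_only = 0
index = wineventlog

# ---- system/local/serverclass.conf ----
# Target every forwarder whose hostname starts with "win-" (assumed naming
# convention), push the app, and restart splunkd so the new inputs take effect.
[serverClass:windows_hosts]
whitelist.0 = win-*

[serverClass:windows_hosts:app:win_eventlog_inputs]
restartSplunkd = true
stateOnClient = enabled
```

After the forwarders phone home and receive the app, confirm collection on the indexer with a search such as `index=wineventlog source="WinEventLog:Security" | stats count by host, EventCode`.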