Windows inputs in Splunk
On the Add data page, Windows is mentioned several times. Splunk installations on Windows make the following specialized inputs available to you:
Windows event logs: Splunk can monitor logs generated by the Windows event log service on any event log channel (local or remote)
Performance monitoring: All performance counters that are available in the performance monitor are also available in Splunk
Remote monitoring over WMI: Splunk can use WMI to access log and performance data on remote machines
Registry monitoring: You can monitor changes to the local Windows registry
Active Directory: Splunk can audit any modifications to Active Directory, including changes to user, group, machine, and group policy objects
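The same inputs can be defined directly in inputs.conf instead of through the Add data page. The fragment below is an added example, not taken from the original page; the index names and the stanza labels after `://` are assumptions chosen for illustration, and the values shown are one reasonable security-monitoring baseline.

```ini
# inputs.conf on a Splunk instance running on Windows (added example).
# Index names (wineventlog, perfmon, winreg, msad) are assumed and must already exist.

# Windows event logs: collect the Security channel, including events
# written before the input was enabled.
[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
checkpointInterval = 5
index = wineventlog

# Performance monitoring: total CPU usage sampled every 60 seconds.
[perfmon://CPU]
object = Processor
counters = % Processor Time; % User Time
instances = _Total
interval = 60
disabled = 0
index = perfmon

# Registry monitoring: changes under the machine-wide Run key, a location
# worth watching because entries there start automatically at logon.
[WinRegMon://run_keys]
hive = \\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\.*
proc = .*
type = set|create|delete|rename
baseline = 0
disabled = 0
index = winreg

# Active Directory: audit changes to objects in the directory tree.
# With targetDc and startingNode unset, Splunk picks the nearest domain
# controller and starts at the highest node it can reach.
[admon://NearestDC]
monitorSubtree = 1
baseline = 0
disabled = 0
index = msad

# Remote monitoring over WMI is not configured here; it uses
# [WMI:<name>] stanzas in wmi.conf.
```

Registry and Active Directory monitoring can generate a large event volume, so scope the `hive` pattern and the monitored subtree to what you intend to audit.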