Refine your search:

1
2

Regarding agent vs agentless data / event gatering, WMI (agentless) seems easier to setup from within Splunk to pull in the data from remote Windows servers. So why would someone deploy Splunk as a Forwarder (agent) on their Windows servers to push the data in?

asked 28 Apr '10, 17:44

maverick's gravatar image

maverick ♦
2.9k5338117
accept rate: 13%


2 Answers:
link

answered 28 Apr '10, 17:55

piebob's gravatar image

piebob ♦♦
5.5k71225
accept rate: 31%

edited 21 Dec '12, 12:49

ChrisG's gravatar image

ChrisG ♦
4.8k58

Please review this topic in our community wiki for more detail regarding this question.

http://www.splunk.com/wiki/Deploy:SnareVwmiVforwarding

Also,

  • WMI does not pull data via SSL, but Splunk Forward can push data over SSL
  • pulling data with WMI may produce gaps in the data, if/when service is restarted
  • Splunk Forwarder can monitor and push up non-Windows data as well (i.e. IIS events, MSSQL, DIR listings every hour, etc.)
link

answered 28 Apr '10, 17:51

maverick's gravatar image

maverick ♦
2.9k5338117
accept rate: 13%

edited 20 Dec '12, 19:06

piebob's gravatar image

piebob ♦♦
5.5k71225

Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×803
×597
×221
×22
×3

Asked: 28 Apr '10, 17:44

Seen: 6,222 times

Last updated: 21 Dec '12, 12:49

Copyright © 2005-2014 Splunk Inc. All rights reserved.