Getting Data In

Agent vs Agentless event gathering on Windows

maverick
Splunk Employee
Splunk Employee

Regarding agent vs agentless data / event gatering, WMI (agentless) seems easier to setup from within Splunk to pull in the data from remote Windows servers. So why would someone deploy Splunk as a Forwarder (agent) on their Windows servers to push the data in?

1 Solution

piebob
Splunk Employee
Splunk Employee

maverick
Splunk Employee
Splunk Employee

Please review this topic in our community wiki for more detail regarding this question.

http://www.splunk.com/wiki/Deploy:SnareVwmiVforwarding

Also,

  • WMI does not pull data via SSL, but Splunk Forward can push data over SSL
  • pulling data with WMI may produce gaps in the data, if/when service is restarted
  • Splunk Forwarder can monitor and push up non-Windows data as well (i.e. IIS events, MSSQL, DIR listings every hour, etc.)
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...