Is it correct that Splunk Cloud cannot index .evtx Windows event logs in case I upload this directly?
Looks like only forwarder can do this. Guys when you will install Windows Forwarder to import data in Splunk Cloud do not specify Splunk hostname in Forwarder Installer. Just install it with default settings.
Then download the Credentials file form your Splunk Cloud and configure Forwarder with this file.
Looks like only forwarder can do this. Guys when you will install Windows Forwarder to import data in Splunk Cloud do not specify Splunk hostname in Forwarder Installer. Just install it with default settings.
Then download the Credentials file form your Splunk Cloud and configure Forwarder with this file.
I'm not aware of the .evtx file format, but with a forwarder, Splunk Cloud will index Windows events just like a regular Splunk Enterprise.