We currently run Splunk Enterprise Version 6.4.2 on Linux.
We are in the process of installing a light forwarder on a Windows system.
While looking at existing configurations we have found different setups, some with the Splunk Add-on for Microsoft Windows and some
without. The question is going forward, what additional functionality would we get from the add-on since the base forwarder
without the add-on provides us access to the Windows logs?
Thanks...Rob
The method of accessing Windows through the logs or WMI is far more error-prone than using the TA. I always use the TA on Windows forwarders.
Hi ritsma,
I always disable windows logs functionalities in the forwarders installation and I deploy Splunk_TA_Windows using a Deployment Server so I can manageconfigurations.
Bye.
Giuseppe