Splunk Search

Can Splunk search client machines System log that has Event ID 7?

tomwahab
New Member

Hello,
Can Splunk search client machines' System log that has Event ID 7? We need to scan and retrieve hostnames that have this event ID, which is a disk error.

Thanks,

0 Karma

starcher
Influencer

You can script the forwarder install with any normal config management tools you have already that can deploy MSI installer packages. Then just use a Splunk deployment server to control the log collection configuration. Typically done by using the Splunk for Windows TA. However, if you have a lot of hosts you may have to consider how big your license is. An alternative would be to use a free Windows eventlog to syslog tool like Snare for Windows. It can be set to filter what events it sends. Then pick up, index and search those received syslogs.

0 Karma

tomwahab
New Member

Thanks, so we would have to install the Splunk universal forwarder on all our client machines. How big is the software package for the forwarder, and is it an easy deployment?

0 Karma

MHibbin
Influencer

Install a universal forwarder?

0 Karma

tomwahab
New Member

Thanks, do you know of a tool that can help us?

0 Karma

kristian_kolb
Ultra Champion

Splunk will not scan your network. If you install a forwarder on each machine (or some other agent capable of retrieving logs), you can send them to a Splunk indexer. There you can search through the logs, looking for your events.
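
Added example, not part of any post in this thread and not Splunk's shipped configuration: a universal forwarder input that forwards only Event ID 7 from the System log, so the license concern raised in the first reply stays small. The app path and the index name are assumptions.

```ini
# inputs.conf for the universal forwarder on each Windows client.
# Assumed location: an app pushed by the deployment server, e.g.
#   deployment-apps/<your_app>/local/inputs.conf   (app name is a placeholder)

[WinEventLog://System]
disabled = 0

# Forward only Event ID 7. Every other System event is dropped at the
# forwarder, so it is never indexed and never counts against the license.
# The filter matches on the ID alone: ID 7 from any provider is forwarded.
whitelist = 7

# Read events already in the log as well as new ones, so hosts that
# logged the disk error before the forwarder was installed are found.
start_from = oldest
current_only = 0

# Assumed index name; it must already exist on the indexer.
index = wineventlog
```

On the indexer, a search such as `index=wineventlog source="WinEventLog:System" EventCode=7 | stats count AS events, latest(_time) AS last_seen BY host | convert ctime(last_seen)` then lists the hostnames that logged the event.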
