I'm not at all familiar with Splunk in detail. I hoped it was more than just listening to the file system and then parsing those files.
AFAIK ETW does not write anywhere unless there are listeners capturing. So I have listeners that hear and write to files and the Windows Event Log. For that I have to explicitly run a Windows service and implement and configure an event log listener. Splunk, in turn, listening to what I produce would be overhead. I hoped Splunk could go directly, the way PerfView can, for example.
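As an added illustration of the point above (this is not the poster's code and not anything shipped by Splunk): ETW providers only produce output once a trace session with a consumer is running, so a session that writes an .etl file and a converter that turns it into text is the smallest "listener" that produces something a log forwarder can monitor. The script below uses the built-in logman and tracerpt tools; the session name, the output directory, the provider name (Microsoft-Windows-Kernel-Process) and its keyword mask are assumptions chosen for the example and can be replaced with any provider listed by `logman query providers`.

```powershell
# Added example: run a short ETW trace session and convert it to text.
# Assumed names: session "DemoEtwSession", output dir C:\etw-demo,
# provider Microsoft-Windows-Kernel-Process with keyword 0x10 (process events).
# Must run in an elevated PowerShell session.

$Session  = 'DemoEtwSession'
$OutDir   = 'C:\etw-demo'
$Provider = 'Microsoft-Windows-Kernel-Process'
$Keywords = '0x10'
$EtlFile  = Join-Path $OutDir 'kernel-process.etl'
$XmlFile  = Join-Path $OutDir 'kernel-process.xml'

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Start a real-time-less session that logs to a file. Nothing is written by the
# provider until this session (the consumer) exists.
logman start $Session -p $Provider $Keywords -o $EtlFile -ets
if ($LASTEXITCODE -ne 0) { throw "logman start failed with code $LASTEXITCODE" }

try {
    # Generate some activity for the provider to report: spawn and exit a process.
    Start-Process -FilePath 'cmd.exe' -ArgumentList '/c','exit' -Wait
    Start-Sleep -Seconds 2
}
finally {
    # Stopping the session flushes buffers and closes the .etl file.
    logman stop $Session -ets | Out-Null
}

# Convert the binary trace into XML so a file-monitoring agent can read it.
tracerpt $EtlFile -o $XmlFile -of XML -y
if ($LASTEXITCODE -ne 0) { throw "tracerpt failed with code $LASTEXITCODE" }

# Show the captured event count as a quick sanity check.
[xml]$trace = Get-Content $XmlFile
$events = $trace.Events.Event
Write-Host ("Captured {0} events from {1}" -f @($events).Count, $Provider)
```

The converted XML (or CSV, via `-of CSV`) is ordinary text, so a Splunk universal forwarder's `[monitor://C:\etw-demo]` stanza can ingest it; that is the overhead the post describes, since the .etl itself is binary and there is no ETW session without something like this running.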