Enable Windows data collection
Collect Windows Event Logs using the Splunk add-on for Microsoft Windows.
Configure Windows to enable data collection
To collect Windows Event Logs using the Splunk add-on for Microsoft Windows, configure your Windows environment to collect data:
- Create and configure security groups with the user you want the universal forwarder to run as. You can optionally configure the universal forwarder account as a managed service account.
- On the universal forwarder, create and configure Group Policy objects (GPOs) for security policy and user rights assignment. Assign appropriate user rights to the GPO.
- Deploy the GPOs with the updated settings to the appropriate objects.
- Microsoft enables the administration of user rights and privileges for user accounts. For more information, see the Configuring User Rights topic of the Microsoft documentation.
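To confirm on a forwarder host that the deployed GPO granted the intended user rights and nothing more, the following PowerShell check exports the effective user rights with `secedit` and lists those held by the forwarder's security group. It is an added example, not part of the Splunk documentation; the group name `EXAMPLE\SplunkForwarders` and the expected right `SeServiceLogonRight` ("Log on as a service") are assumptions to replace with the values from your own GPO.

```powershell
# Added example: run elevated on the forwarder host after the GPO has applied.
# Principal and ExpectedRights are placeholders (assumptions), not Splunk-documented values.
param(
    [string]$Principal = 'EXAMPLE\SplunkForwarders',
    [string[]]$ExpectedRights = @('SeServiceLogonRight')
)

# secedit normally writes principals as *<SID>, so resolve the group name to its SID.
$sid = ([System.Security.Principal.NTAccount]$Principal).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Export only the User Rights Assignment area of the effective local security policy.
$cfg = Join-Path $env:TEMP 'user-rights-export.inf'
secedit /export /areas USER_RIGHTS /cfg $cfg | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'secedit export failed; run from an elevated session.' }

# Each line under [Privilege Rights] looks like: SeXxxRight = *S-1-5-...,*S-1-5-...
$held = @(foreach ($line in Get-Content -Path $cfg) {
    if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
        $right   = $Matches[1]
        $members = $Matches[2] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') }
        # Some entries are written by name instead of SID, so accept either form.
        if ($members -contains $sid -or $members -contains $Principal) { $right }
    }
})
Remove-Item -Path $cfg -ErrorAction SilentlyContinue

# Rights the GPO should have granted but did not, and rights beyond the intended set.
$missing    = @($ExpectedRights | Where-Object { $_ -notin $held })
$unexpected = @($held | Where-Object { $_ -notin $ExpectedRights })

[pscustomobject]@{
    Principal  = $Principal
    Sid        = $sid
    Held       = $held
    Missing    = $missing
    Unexpected = $unexpected
}

if ($missing -or $unexpected) {
    Write-Warning 'User rights for the forwarder group differ from the expected set.'
}
```

An empty `Missing` list means the GPO reached the host; a non-empty `Unexpected` list means the group holds rights beyond what was intended and the GPO scope should be reviewed.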
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10