We are currently moving our SIEM from Splunk to Elastic.
Due to a tight deadline and network/firewall configuration we will be adding the Elastic endpoint to our current Splunk Heavy Forwarders.
This approach works fine for syslog sources but I am unsure how to handle windows events coming from the heavy forwarders.
I doesn't seem like Winlogbeat or Elastic agent has an Input for this scenario.
Any advice would be appreciated.