Logstash with Splunk

Hello All,
Is it possible to configure Logstash to send logs (Windows event log) to Splunk, so that Splunk gets the events after Logstash parsing?
Thanks in advance

1 Like

Logstash can send processed events by a number of means, e.g. raw TCP or UDP, that I'm sure Splunk can monitor. I'd look into Logstash's list of output plugins and compare it to any similar list of possible inputs that Splunk has and try to find the best match.

Splunk also seems to be capable of reading Windows event logs directly—any reason you want to use Logstash as a middle man?

1 Like

Has anyone else tried to get this working? I have Beats going to Logstash, then ES, but for some hosts I also need to send that data to Splunk.

1 Like
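
A sketch of the raw TCP route suggested in the reply above, applied to the Beats, Logstash and ES setup from the last post. This is an added example, not configuration posted by anyone in the thread. The host names, ports, host list and the `to_splunk` tag are placeholders, and it assumes Splunk has a TCP data input listening on the chosen port.

```logstash
# Added example: every hostname, port and tag below is a placeholder.
input {
  beats {
    port => 5044
  }
}

filter {
  # Parsing and enrichment go here, so both outputs receive the
  # already-parsed event.

  # Assumption: the Beats agent puts the sender's name in [host][name]
  # (older Beats versions use [beat][hostname] instead).
  if [host][name] in ["dc01", "dc02"] {
    mutate { add_tag => ["to_splunk"] }
  }
}

output {
  # Every event still goes to Elasticsearch.
  elasticsearch {
    hosts => ["http://es.example.internal:9200"]
  }

  # Only the tagged hosts are copied to Splunk.
  if "to_splunk" in [tags] {
    tcp {
      host  => "splunk.example.internal"
      port  => 5514
      # One JSON document per line, so the receiver can split events
      # on newlines and keep the parsed fields.
      codec => json_lines
    }
  }
}
```

The `tcp` output sends events in cleartext unless TLS is configured on both ends, and Logstash outputs in one pipeline share back-pressure, so an unreachable Splunk listener also stalls delivery to Elasticsearch.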