Windows Data
App Installation
| App | Search Head | Indexer | Heavy Forwarder | UF / Deployment Server | Additional Details |
|---|---|---|---|---|---|
| Splunk Add-on for Windows | Required | - | - | Required (only for Windows) | Installation and Configuration Guide |
| A-TA-windows_inputs | - | - | - | Required (only for Windows) | Installation and Configuration Guide |
- Refer to this link to enable Windows security logging for important policies.
- Refer to the A-TA-windows_inputs App on this GitHub Repo for inputs.conf reference.
Note: Create indexes named wineventlog, windows and msad, or update the cs_windows_idx macro definition from the Cyences app configuration page (Cyences Settings > Cyences App Configuration > Products Setup).
Estimated Data Size
Data size with updated stanzas:
- WinEventLog:Security: 0.8-1.2GB per host per day
- WinEventLog:System: 0.1-0.3GB per host per day
Note: The data volume for WinEventLog:Security varies from host to host, because much of it depends on the overall usage of the system.
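An indexes.conf sketch for the three indexes named in the note above, with the wineventlog index sized from these estimates. This is an added example, not taken from the Cyences or A-TA-windows_inputs apps. It assumes 100 Windows hosts, 90-day retention, default $SPLUNK_DB paths, and that both the Security and System event logs are routed to wineventlog.

```ini
# indexes.conf (deployed to the indexers) - constructed example

[wineventlog]
homePath   = $SPLUNK_DB/wineventlog/db
coldPath   = $SPLUNK_DB/wineventlog/colddb
thawedPath = $SPLUNK_DB/wineventlog/thaweddb
# Retention: 90 days x 86400 s (assumed retention period)
frozenTimePeriodInSecs = 7776000
# Ceiling from the upper estimates above, for an assumed 100 hosts:
#   100 hosts x (1.2 GB Security + 0.3 GB System) = 150 GB/day
#   150 GB/day x 90 days = 13500 GB = 13824000 MB
# This uses raw ingest volume as a conservative cap on index size.
maxTotalDataSizeMB = 13824000

[windows]
homePath   = $SPLUNK_DB/windows/db
coldPath   = $SPLUNK_DB/windows/colddb
thawedPath = $SPLUNK_DB/windows/thaweddb
frozenTimePeriodInSecs = 7776000

[msad]
homePath   = $SPLUNK_DB/msad/db
coldPath   = $SPLUNK_DB/msad/colddb
thawedPath = $SPLUNK_DB/msad/thaweddb
frozenTimePeriodInSecs = 7776000
```

Buckets roll to frozen when either the age limit or the size cap is reached, so an undersized maxTotalDataSizeMB shortens the effective retention of security events below the intended 90 days.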