Windows Data

Configure the Splunk Add-on for Windows to collect field extractions related to Active Directory and Windows data.

Splunkbase Download: https://splunkbase.splunk.com/app/742/

Installation and Configuration Guide: https://docs.splunk.com/Documentation/AddOns/released/Windows/Installationoverview

Refer to the A-TA-windows_inputs app in this GitHub repo for an inputs.conf reference.

Note: Set the index value to index IN (wineventlog, windows, msad) for both WinEventLog Security Data and WinEventLog System Data under the Data Source Macros section of the Cyences Configuration page.

Estimated Data Size

Data size with updated stanzas:

  • WinEventLog:Security: 0.8-1.2GB per host per day
  • WinEventLog:System: 0.1-0.3GB per host per day

Note: The volume of WinEventLog:Security data varies considerably from host to host, because much of it depends on how heavily the system is used.
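The fragment below is an added example of an inputs.conf for a Windows universal forwarder, not the stanzas shipped in the A-TA-windows_inputs app; the choice of the wineventlog index (one of the three the Cyences macro above searches) and the single blacklist filter are assumptions used to show how the channel inputs and the index macro fit together.

```ini
# Added example: inputs.conf on a Windows universal forwarder.
# Not the stanzas from A-TA-windows_inputs; the index name and the
# blacklist entry are assumptions for illustration.

[WinEventLog://Security]
disabled = 0
# Must be one of the indexes named in the Cyences data source macro:
# index IN (wineventlog, windows, msad)
index = wineventlog
start_from = oldest
current_only = 0
checkpointInterval = 5
# Assumed noise filter: drop EventCode 4662 (object access) events
# unless the object is a group policy container. Filters of this kind
# are what the "updated stanzas" size estimate above depends on.
blacklist1 = EventCode="4662" Message="Object Type:(?!\s*groupPolicyContainer)"

[WinEventLog://System]
disabled = 0
index = wineventlog
start_from = oldest
current_only = 0
checkpointInterval = 5
```

If the data is sent to a different index, add that index to the macro value on the Cyences Configuration page, otherwise the Security and System searches will return nothing.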

Copyright © 2023 CrossRealms International.