Windows Data

Configure the Splunk Add-on for Windows to collect field extractions related to Active Directory and Windows data.

Splunkbase Download:

Installation and Configuration Guide:

Refer to A-TA-windows_inputs App on this GitHub Repo for inputs.conf reference.

Note: Configure the index value index IN (wineventlog, windows, msad) for both WinEventLog Security Data and WinEventLog System Data under the Data Source Macros section in Cyences’ Configuration page.

Estimated Data Size

Data size with updated stanzas:

  • WinEventLog:Security: 0.8-1.2GB per host per day
  • WinEventLog:System: 0.1-0.3GB per host per day

Note: The data provided for WinEventLog:Security tends to vary from host to host as a lot of it is based on the overall usage of the system.

Table of contents

Copyright © 2023 CrossRealms International.