Splunk Enterprise Certified Admin — Question 59
How can event logs be collected from a remote Windows machine using a standard Splunk installation and no customization? (Select all that apply.)
Answer options
- A. By configuring a WMI input.
- B. By using HTTP event collector.
- C. By using a Windows heavy forwarder.
- D. By using a Windows universal forwarder.
Correct answer: A, D
Explanation
Option A is correct because a WMI input can collect event logs from remote Windows machines. Option D is also correct because a Windows universal forwarder can send logs to Splunk without customization. Options B and C are incorrect because the HTTP Event Collector is not designed for this purpose and a Windows heavy forwarder is not necessary for simple event log collection.