Using Docker containers and VMware, we will set up a test environment to test and learn about Splunk.
This is a test environment setup that uses SC4S (Splunk Connect for Syslog) as the main way to forward logs, even Windows event logs.
UPDATE: don't do this. Do not forward Windows event logs to SC4S. Please, don't: SC4S is for syslog and syslog only, so you are better off using Cribl as an intermediate forwarder instead.
Windows 10/11 machine
Docker container installed
Splunk Enterprise image
SC4S image
Nxlog Forwarder
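One way to wire the Splunk Enterprise and SC4S containers from the list above, as an added example and not the author's own setup files; the image names, environment variable names and default syslog ports are assumptions to check against the docker-splunk and SC4S documentation, and the password and HEC token are placeholders. Following the update above, this covers only the syslog path; Windows event logs go through a separate intermediate forwarder and are not sent to SC4S.

```yaml
# Added example: minimal docker-compose for the Splunk + SC4S part of the lab.
# Not the author's file. Image names and SC4S/Splunk env var names are
# assumptions to verify against the upstream docs before use.
services:
  splunk:
    image: splunk/splunk:latest
    hostname: splunk
    environment:
      SPLUNK_START_ARGS: "--accept-license"
      SPLUNK_PASSWORD: "ChangeMe-Lab-Only1"                       # placeholder, lab only
      SPLUNK_HEC_TOKEN: "00000000-0000-0000-0000-000000000000"    # placeholder token
    ports:
      - "8000:8000"   # Splunk Web
      - "8088:8088"   # HTTP Event Collector (HEC); this is where SC4S delivers events

  sc4s:
    image: ghcr.io/splunk/splunk-connect-for-syslog/container2:latest
    depends_on:
      - splunk
    environment:
      # Same placeholder token as above; SC4S posts to Splunk over HEC.
      SC4S_DEST_SPLUNK_HEC_DEFAULT_URL: "https://splunk:8088"
      SC4S_DEST_SPLUNK_HEC_DEFAULT_TOKEN: "00000000-0000-0000-0000-000000000000"
      # Splunk's default HEC cert is self-signed; skipping verification is lab-only.
      SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_VERIFY: "no"
    ports:
      # Syslog listeners for network devices and Linux hosts only.
      # Windows event logs do not belong here (see the update above).
      - "514:514/udp"
      - "514:514"
      - "601:601"     # RFC 5425/6587 framed syslog over TCP
      - "6514:6514"   # syslog over TLS
    volumes:
      - sc4s-local:/etc/syslog-ng/conf.d/local   # local filters and overrides

volumes:
  sc4s-local:
```

SC4S routes events to per-source indexes (for example netops) that must already exist in Splunk, so create them before pointing any syslog sources at the container.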
Topology
All right, why the heck do I install Cribl or SC4S? Why not just forward directly to Splunk ES? Am I stupid or what?