I am trying to create a tag for Windows servers so that Splunk can use the tag to grab the logs of the Windows servers which have been pushed to LogInsight. I see that I can do that in the insight client config, but I don't think that is working. Since VCenter knows what OS was set when the vm was built, what built-in tag would I be able to use? Or, any ideas would be greatly appreciated!
Just another thought, maybe you could use the 'Event Forwarding' feature in Log Insight to forward the windows events to Splunk, the link here talks about forwarding the vCenter Security events to Splunk. However, similarly one could configure event forwarding for windows events.
How to Forward Security Events from vRealize Log Insight to Splunk - VMware Customer Experience and ...
Thank you Shen. I had been asked to create a tag on the client. I will do this instead.
Do you know how I can get a tag that I create for the Windows agent to be available to filter on that later?
Also, do you know how to filter on a VMware vm Vcenter tag?
Please refer to the below docs, I hope this helps you. Thank you.