Introduction for Windows admins
Splunk is a powerful, effective tool for Windows administrators to resolve problems that occur on their Windows networks. Its out-of-the-box feature set positions it to be the secret weapon in the Windows administrator's toolbox. The ability to add apps that augment its functionality makes it even more extensible. And it has a growing, thriving community of users.
How to use this manual as a Windows user
This manual has topics that will help you experiment with, learn, deploy, and get the most out of Splunk.
Unless otherwise specified, the information in this manual is helpful for both Windows and *nix users. If you are unfamiliar with Windows or *nix operational commands, we strongly recommend you check out Differences between *nix and Windows in Splunk operations.
We've also provided some extra information in the chapter "get the most out of Splunk on Windows". This chapter is intended for Windows users to help you make the most of Splunk and includes the following information.
Deploy Splunk on Windows provides some considerations and preparations specific to Windows users. Use this topic when you plan your deployment.
Optimize Splunk for peak performance describes ways to keep your Splunk on Windows deployment running properly, either during the course of the deployment, or after the deployment is complete.
Put Splunk onto system images helps you make Splunk a part of every Windows system image or installation process. From here you can find tasks for installing Splunk and Splunk forwarders onto your system images.
For more information
Here's some additional Windows topics of interest in other Splunk manuals:
- An overview of all of the installed Splunk for Windows services (from the Installation Manual)
- What Splunk can monitor (from the Getting Data In Manual)
- Considerations for deciding how to monitor remote Windows data (from the Getting Data In Manual). Read this topic for important information on how to get data from multiple machines remotely.
- Consolidate data from multiple hosts (from the Universal Forwarder Manual)
Other useful information:
- Where is my data? (from the Getting Data In Manual)
- Use Splunk's Command Line Interface (CLI) (from the Getting Data In Manual)
- Sources, sourcetypes and fields (from the Getting Data In Manual)
- Fields and field extraction (from the Knowledge Manager Manual)
- Real-time searches (from the User Manual)
- Saved searches (from the User Manual)
- Dashboard creation (from the User Manual)
If you need help
If you are looking for in-depth Splunk knowledge, a number of education programs are available.
When you get stuck, Splunk has a large free support infrastructure that can help:
- Splunk Answers.
- The Splunk Community Wiki.
- The Splunk Internet Relay Chat (IRC) channel (EFNet #splunk). (IRC client required)
If you still don't have an answer to your question, you can get in touch with Splunk's support team. The Support Contact page tells you how to do that.
Note: Levels of support above the community level require an Enterprise license. To get one, you'll need to speak with the Sales team.
Other manuals for the Splunk platform administrator
About Splunk Free
This documentation applies to the following versions of Splunk® Enterprise: 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.6.0, 6.6.1, 6.6.2, 6.6.3