Splunk® Supported Add-ons

Splunk Add-on for Microsoft SCOM

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Install the Splunk Add-on for Microsoft SCOM

  1. Get the Splunk Add-on for Microsoft SCOM by downloading it from http://splunkbase.splunk.com/app/2729 or browsing to it using the app browser within Splunk Web.
  2. Determine where and how to install this add-on in your deployment, using the tables on this page.
  3. Perform any prerequisite steps before installing, if required and specified in the tables below.
  4. Complete your installation.

If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthroughs section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, or Splunk Cloud.

Distributed deployments

Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise.

This add-on must be installed on a Windows instance of Splunk Enterprise for data collection. The add-on is platform independent for indexers and search heads.

Where to install this add-on

This table provides a quick reference for installing this add-on to a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.

Splunk instance type Supported Required Action Required/Comments
Search Heads Yes Yes Install this add-on to all search heads where Microsoft SCOM knowledge management is required.

Splunk recommends that you turn add-on visibility off on your search heads to prevent data duplication errors that can result from running inputs on your search heads instead of (or in addition to) on your data collection node.

Indexers Yes No Not required as parsing and data collection operations occur on the heavy forwarders.
Heavy Forwarders Yes Yes Best practice: Using the Splunk Add-on for Microsoft SCOM configuration UI to configure your inputs speeds configuration and helps prevent errors.

The Splunk Add-on for Microsoft SCOM and the Heavy forwarder must be installed on the same machine as the SCOM Operations console.

Universal Forwarders No No Not supported because the add-on requires Python.

Distributed deployment feature compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes You can install this add-on on a search head cluster for all search-time functionality, but only configure inputs on forwarders to avoid duplicate data collection.
Before installing this add-on to a cluster, make the following changes to the add-on package:
1. Remove the inputs.conf file.
Indexer Clusters Yes Before installing this add-on to a cluster, make the following changes to the add-on package:
1. Remove the inputs.conf file.
Deployment Server No Supported for deploying unconfigured add-on only. Using a deployment server to deploy the configured add-on to multiple forwarders acting as data collectors causes duplication of data.

Installation walkthroughs

The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.

High Availability feature configuration

Version 4.4.0 of the Splunk Add-on for Microsoft SCOM introduces a cluster management mechanism that helps you avoid data duplication issues. To enable this feature:

  1. Go to Apps > Splunk Add-on for Microsoft SCOM > Inputs.
  2. Select the Inputs that you want to secure through the High Availability feature by clicking next to the input that you want to secure through that feature.
  3. As a second option in the "'Server'" category, select a server instance that will work as your recovery server if the first server is not working. After selecting your second server, click "'Update'".
  4. If you don't have a dedicated server for High Availability, configure the server on the Configuration tab and then go back to select this server as described in the previous step.
  5. If you are unable to add a server in the user interface, you can include a backup server for High Availability by placing [backup_server] access credentials in default/micrososft_scom_servers.conf. You do this by adding a new stanza as described in "Configure inputs through the configuration files".
  6. Restart the Splunk Enterprise instance by selecting Settings > Server Controls > Restart Splunk.

Installation walkthrough

For a walkthrough of the installation procedure, follow the link that matches your deployment scenario:

Last modified on 22 February, 2024
PREVIOUS
Installation and configuration overview for the Splunk Add-on for Microsoft SCOM
  NEXT
Configure inputs for the Splunk Add-on for Microsoft SCOM

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters