Splunk® Add-on for Microsoft Windows DNS (Legacy)

Install and use the Splunk Add-on for Windows DNS

Acrobat logo Download manual as PDF


The Splunk Add-on for Windows DNS version 1.0.1 not supported when installed alongside the Splunk Add-on for Windows version 6.0.0. The Splunk Add-on for Windows version 6.0.0 includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.
Acrobat logo Download topic as PDF

Install the Splunk Add-on for Windows DNS

  1. Get the Splunk Add-on for Windows DNS by downloading it from https://splunkbase.splunk.com/app/3208 or browsing to it using the app browser within Splunk Web.
  2. Determine where and how to install this add-on in your deployment, using the tables on this page.
  3. Perform any prerequisite steps before installing, if required and specified in the tables below.
  4. Complete your installation.

This add-on has been specifically created for use with the Splunk Apps for Microsoft Exchange and Windows Infrastructure. There are specific installation instructions for these add-ons for use with those apps:

Splunk App for Microsoft Exchange

Splunk App for Windows Infrastructure

You can also use the add-on to collect Windows DNS data outside of these apps. For best results, however, you must configure your Windows DNS servers for increased logging.


Distributed deployments

Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you use forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.

Where to install this add-on

Unless otherwise noted, all supported add-ons can be safely installed to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.

This table provides a reference for installing this specific add-on to a distributed deployment of Splunk Enterprise.

Splunk Add-on for Windows DNS

Splunk instance type Supported Required Comments
Search Heads Yes Yes Install this add-on to one or more search heads that are also DNS servers and where DNS knowledge management is required.
Indexers Yes Yes Install this add-on to indexers only if they are also DNS servers and DNS knowledge is required.
Heavy Forwarders Yes See comments All forwarder types are supported.
Universal Forwarders Yes See comments All forwarder types are supported. If you use a universal forwarder for data collection, install the add-on to your indexers as well.

The forwarder needs to be installed directly on the DNS server for DNS monitoring.

Light Forwarders Yes No All forwarder types are supported. If you use a light forwarder for data collection, install the add-on to your indexers as well.

The forwarder needs to be installed directly on the DNS server for DNS monitoring.

Distributed deployment feature compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes You can install this add-on on a search head cluster for all search-time functionality, but configure inputs on forwarders to avoid duplicate data collection.

Before you install this add-on to a cluster, remove the eventgen.conf file and all files in the samples folder.

Indexer Clusters Yes Before you install this add-on to a cluster, remove the eventgen.conf file and all files in the samples folder.
Deployment Server Yes Supported for deploying the configured add-on to multiple nodes. This is a Splunk best practice and the Splunk Apps for Microsoft Exchange and Windows Infrastructure use a deployment server to facilitate easier installation.

Installation walkthroughs

The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.

For a walkthrough of the installation procedure, follow the link that matches your deployment scenario:

Last modified on 26 January, 2021
PREVIOUS
Hardware and software requirements for the Splunk Add-on for Windows DNS 		  NEXT
Configure the Splunk Add-on for Windows DNS

This documentation applies to the following versions of Splunk® Add-on for Microsoft Windows DNS (Legacy): 1.0.0, 1.0.1

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters