Install the Splunk Add-on for Windows DNS

Get the Splunk Add-on for Windows DNS by downloading it from https://splunkbase.splunk.com/app/3208 or browsing to it using the app browser within Splunk Web.
Determine where and how to install this add-on in your deployment, using the tables on this page.
Perform any prerequisite steps before installing, if required and specified in the tables below.
Complete your installation.

This add-on has been specifically created for use with the Splunk Apps for Microsoft Exchange and Windows Infrastructure. There are specific installation instructions for these add-ons for use with those apps:

Splunk App for Microsoft Exchange

Splunk App for Windows Infrastructure

You can also use the add-on to collect Windows DNS data outside of these apps. For best results, however, you must configure your Windows DNS servers for increased logging.

Distributed deployments

Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you use forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.

Where to install this add-on

Unless otherwise noted, all supported add-ons can be safely installed to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.

This table provides a reference for installing this specific add-on to a distributed deployment of Splunk Enterprise.

Splunk Add-on for Windows DNS

Splunk instance type	Supported	Required	Comments
Search Heads	Yes	Yes	Install this add-on to one or more search heads that are also DNS servers and where DNS knowledge management is required.
Indexers	Yes	Yes	Install this add-on to indexers only if they are also DNS servers and DNS knowledge is required.
Heavy Forwarders	Yes	See comments	All forwarder types are supported.
Universal Forwarders	Yes	See comments	All forwarder types are supported. If you use a universal forwarder for data collection, install the add-on to your indexers as well. The forwarder needs to be installed directly on the DNS server for DNS monitoring.
Light Forwarders	Yes	No	All forwarder types are supported. If you use a light forwarder for data collection, install the add-on to your indexers as well. The forwarder needs to be installed directly on the DNS server for DNS monitoring.

Distributed deployment feature compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature	Supported	Comments
Search Head Clusters	Yes	You can install this add-on on a search head cluster for all search-time functionality, but configure inputs on forwarders to avoid duplicate data collection. Before you install this add-on to a cluster, remove the `eventgen.conf` file and all files in the `samples` folder.
Indexer Clusters	Yes	Before you install this add-on to a cluster, remove the `eventgen.conf` file and all files in the `samples` folder.
Deployment Server	Yes	Supported for deploying the configured add-on to multiple nodes. This is a Splunk best practice and the Splunk Apps for Microsoft Exchange and Windows Infrastructure use a deployment server to facilitate easier installation.

Installation walkthroughs

The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.

For a walkthrough of the installation procedure, follow the link that matches your deployment scenario:

Related answers from Splunk Community

Install the Splunk Add-on for Windows DNS

Splunk App for Microsoft Exchange

Splunk App for Windows Infrastructure

Distributed deployments

Where to install this add-on

Splunk Add-on for Windows DNS

Distributed deployment feature compatibility

Installation walkthroughs

Comments

Install the Splunk Add-on for Windows DNS

Was this topic useful?