Splunk® App for Infrastructure

Administer Splunk App for Infrastructure


This documentation does not apply to the most recent version of InfraApp.

Configure Windows data collection for Splunk App for Infrastructure

To configure data collection, you must log in to an account with administrator privileges on the Windows host.

Use the script to install and configure data collection agents on a host from which you want to collect metrics and log data. You can forward metrics and log data to the Splunk App for Infrastructure for performance monitoring and to investigate your infrastructure.


The data collection script requires the following.

Item                      Requires
Windows machine           See Operating system support for data collection.
Data collection script    See Windows data collection script requirements, package, and actions.
Admin privileges          Admin privileges are required to configure data collection.


Step 1: Specify configuration options

Select and/or customize your data collection options for collecting metrics and logs from your host.

  1. In the Splunk App for Infrastructure user interface, click the Add Data tab.
  2. In the left panel click Windows.
  3. In 1: Specify configuration options > Data to be collected, click the Customize link.
    • When you select or customize the data to be collected, this also customizes the data collection script in Step 2 that you run on your host machine.
  4. Select the metrics and log sources for which you want to collect data.
    • The metric cpu is selected by default.
    • If you select cpu > Collect data for each CPU, metrics are stored for each CPU individually, which enables you to use the Split-by feature in the Analysis Workspace.
    • If you select cpu > Collect sum over all CPUs, only aggregate metrics are stored.
  5. Click Save.
  6. Add Dimensions for easier troubleshooting, analysis, and filtering hosts.
    • Dimensions are key/value pairs that provide metadata about the metric (they describe the measurement). They are used to search and filter relevant datasets (distinct time series) during an investigation.
    • Use the format of dimension:value, such as env:prod.
  7. Enter the Monitoring machine hostname or IP address of the machine that has Splunk App for Infrastructure installed (the machine that you are sending data to).
    • For example, my.instance.domain.name.
  8. Enter an Install Location for where you want the script to install the Splunk Universal Forwarder on your system.

Step 2: Run the easy install script

Deploy the easy install script on your host to collect metrics and logs.

  1. Connect to the Windows system with the Remote Desktop Protocol (RDP).
  2. On the Windows system, open a PowerShell window.
  3. Paste the script in the PowerShell window and run it.
  4. When you run the script on a Windows system for the first time, you may receive a message stating that the universal forwarder was installed without creating an admin user. If this occurs, you have to manually create admin credentials. For information about configuring user credentials, see user-seed.conf in the Splunk Enterprise Admin Manual.

Step 3: Once the script finishes running, verify your data connection

Verify your data connection to start monitoring your infrastructure.

It can take up to about five (5) minutes for your entities to display in the user interface.

  1. Return to your web browser and the Add Data view in the Splunk App for Infrastructure user interface.
  2. When the script finishes running, the user interface indicates your entity is connected and data is available to view.
    • If no new entities are connected after a few minutes, click Refresh.
    • When new entities are connected, click New host found to view your entity.


When you have set up the data collection agent on your host machine and validated that new entities are connected, you can start monitoring your infrastructure. Go to the Investigate page to monitor your entities in the Infrastructure Overview or List View. You can group your entities to monitor them more easily, and drill down to the Analysis Workspace to further analyze your infrastructure.

Create Administrator Credentials Manually

As explained in Step 2 in this topic, in order to log in as an admin user to run splunkforwarder CLI commands, you must manually create the universal forwarder administrator credentials. Follow the steps below and restart Splunk App for Infrastructure.

  1. Stop Splunk App for Infrastructure:
    .\splunk stop
  2. With a text editor, create $SPLUNK_HOME\etc\system\local\user-seed.conf, replacing $SPLUNK_HOME with the location where you installed the software.
  3. Within the file, add the following lines, replacing the placeholder with your new password. The settings must sit under the [user_info] stanza header:
    [user_info]
    USERNAME = admin
    PASSWORD = <your new password>
  4. Save the file and close it.
  5. Restart Splunk.
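
The manual procedure above leaves a plaintext password in user-seed.conf, so the file's permissions matter. The following PowerShell script is an added example, not part of the Splunk documentation or the easy install script: it performs the same five steps but prompts for the password without echo and restricts the file's ACL to Administrators and SYSTEM before writing it. The -SplunkHome parameter name is an assumption of this example and must be set to the Install Location you chose in Step 1.

```powershell
#Requires -RunAsAdministrator
# Added example, not Splunk's own script. -SplunkHome is this example's own
# parameter name: pass the Install Location you chose in Step 1.
param(
    [Parameter(Mandatory = $true)]
    [string]$SplunkHome
)

$ErrorActionPreference = 'Stop'
$splunkExe  = Join-Path $SplunkHome 'bin\splunk.exe'
$seedPath   = Join-Path $SplunkHome 'etc\system\local\user-seed.conf'
$passwdPath = Join-Path $SplunkHome 'etc\passwd'

if (-not (Test-Path -LiteralPath $splunkExe)) {
    throw "splunk.exe not found under $SplunkHome"
}
# Per the user-seed.conf spec, the seed is only used when etc\passwd is absent.
if (Test-Path -LiteralPath $passwdPath) {
    throw 'etc\passwd already exists; the seed file would be ignored.'
}

# Prompt without echo so the password never appears on screen or in history.
$first  = Read-Host -AsSecureString 'New forwarder admin password'
$second = Read-Host -AsSecureString 'Confirm password'
$plain  = [System.Net.NetworkCredential]::new('', $first).Password
if ($plain -cne [System.Net.NetworkCredential]::new('', $second).Password) {
    throw 'Passwords do not match.'
}
if ([string]::IsNullOrWhiteSpace($plain)) { throw 'Password must not be empty.' }

& $splunkExe stop

# Create the file empty and lock down its ACL before the password is written:
# drop inherited entries, then allow only Administrators and SYSTEM (by SID).
New-Item -ItemType File -Path $seedPath -Force | Out-Null
& icacls.exe $seedPath /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Write UTF-8 without a byte-order mark so the stanza header parses cleanly.
$lines = '[user_info]', 'USERNAME = admin', "PASSWORD = $plain"
$utf8NoBom = New-Object System.Text.UTF8Encoding($false)
[System.IO.File]::WriteAllLines($seedPath, $lines, $utf8NoBom)
Remove-Variable plain, first, second

& $splunkExe start
```

Save the script to a .ps1 file and run it from an elevated PowerShell window on the host where the universal forwarder is installed.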
Last modified on 14 August, 2019

This documentation applies to the following versions of Splunk® App for Infrastructure: 1.2.0, 1.2.1, 1.2.2, 1.2.3
