Splunk® App for Windows Infrastructure

Deploy and Use the Splunk App for Windows Infrastructure

Download manual as PDF

This documentation does not apply to the most recent version of MSApp. Click here for the latest version.
Download topic as PDF

Install the add-ons into universal forwarders

The Splunk App for Windows Infrastructure uses included add-ons to collect data from the Windows and Active Directory servers in your Windows environment. To activate the add-ons, you must install them into universal forwarders that you have installed on the Windows servers.

You can install the add-ons in one of two ways.

  • Manually. This process involves copying folders from the Splunk App for Windows Infrastructure installation package to the universal forwarder directory on each server.
  • With a deployment server. This process is almost like copying the files manually, but you instead copy them to only one place. Once the files are there, you configure each universal forwarder as a deployment client and tell the clients to connect to the deployment server to get the needed configurations.

The table below shows you where the add-ons should be installed, based on your Windows deployment's server layout.

If the server: and it runs: then install or deploy:
does not have an Active Directory role any supported version of Windows Server Splunk_TA_Windows
is a domain controller Windows Server 2003 or Server 2003 R2 Splunk_TA_Windows
TA-DomainController-NT5
Windows Server 2008, Server 2008 R2, Server 2008 R2 Core, or Server 2012 Splunk_TA_Windows
TA-DomainController-NT6
Windows Server 2012 R2 Splunk_TA_Windows
TA-DomainController-2012r2
SA-ModularInput-PowerShell
is a DNS server Windows Server 2003 or Server 2003 R2 Splunk_TA_Windows
TA-DNSServer-NT5
Windows Server 2008, Server 2008 R2, Server 2008 R2 Core, Server 2012, or Server 2012 R2 Splunk_TA_Windows
TA-DNSServer-NT6
is a domain controller and a DNS server Windows Server 2003 or Server 2003 R2 Splunk_TA_Windows
TA-DomainController-NT5
TA-DNSServer-NT5
Windows Server 2008, Server 2008 R2, Server 2008 R2 Core, or Server 2012 Splunk_TA_Windows
TA-DomainController-NT6
TA-DNSServer-NT6
Windows Server 2012 R2 Splunk_TA_Windows
TA-DomainController-2012r2
TA-DNSServer-NT6
SA-ModularInput-PowerShell

More information about the add-ons

The following table shows where to find the add-ons and what each add-on provides.

Add-on: Where to find it: What it provides:
TA-DomainController-NT5 /
TA-DomainController-NT6
In the Splunk App for Windows Infrastructure installation package, at splunk_app_windows_infrastructure\appserver\addons Active Directory statistics
TA-DomainController-2012r2 In the Splunk App for Windows Infrastructure installation package, at splunk_app_windows_infrastructure\appserver\addons Active Directory statistics for computers that run Windows Server 2012 R2 only. Requires the Splunk Add-on for Microsoft PowerShell.
TA-DNSserver-NT5 /
TA-DNSServer-NT6
In the Splunk App for Windows Infrastructure installation package, at splunk_app_windows_infrastructure\appserver\addons Windows DNS server statistics, DNS server logs
Splunk Add-on for Windows (Splunk_TA_Windows) On Splunk Apps. Windows statistics (Event logs, Registry/network/host/print monitoring)
Splunk Add-on for PowerShell (SA-ModularInput-PowerShell On Splunk Apps. Extensions for PowerShell. Required by the TA-DomainController-2012r2 add-on.

How to deploy the add-ons into the universal forwarders

Installing the apps into the universal forwarders involves placing the add-on folders into %SPLUNK_HOME%\etc\apps on each forwarder. You can do this either with a Splunk deployment server, or manually.

  • If you have a deployment server and want to use it to deploy the app, then copy the add-on folders from the Splunk App for Windows Infrastructure installation package into %SPLUNK_HOME%\etc\deployment-apps ($SPLUNK_HOME/etc/deployment-apps on *nix servers) on the deployment server. Then, configure server classes on the deployment server to deploy the add-on(s) to the correct server(s).
  • If you do not have a deployment server, or do not want to use one to deploy the app, then you must manually copy the add-on(s) from the Splunk App for Windows Infrastructure installation package to %SPLUNK_HOME%\etc\apps on each Windows server with a universal forwarder. Review the tables above to determine on which servers the add-ons should go.
Last modified on 02 June, 2014
PREVIOUS
Make configuration changes to match your existing environment
  NEXT
Enable auditing and local PowerShell script execution on Active Directory servers

This documentation applies to the following versions of Splunk® App for Windows Infrastructure: 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters