Platform and hardware requirements
This topic discusses the underlying requirements for running the Splunk App for Windows Infrastructure.
Hardware and Operating System requirements
The Splunk App for Windows Infrastructure installs onto a full Splunk Enterprise instance. It does not install onto a universal forwarder or a light forwarder, because it requires Splunk Web to function fully.
The app has memory, CPU, and disk requirements that are above the standard hardware requirements for the core Splunk Enterprise platform. The added resource requirements depend on how you deploy the app. Be sure to deploy hardware that meets or exceeds the hardware requirements listed in the core Splunk Enterprise documentation.
- For additional details about supported versions of Windows for Splunk Enterprise, see "System requirements" in the core Splunk Enterprise documentation.
- For information about estimating hardware requirements for a Splunk deployment, read the following core Splunk Enterprise documentation topics:
  - "Introduction to capacity planning for Splunk Enterprise" in the Capacity Planning Manual.
Operating system requirements
You can install the app on Splunk instances that run on many current versions of Windows, including:
- Windows XP, Vista, 7, and 8
- Windows Server 2003/2003 R2, Server 2008/2008 R2, or Server 2012/2012 R2.
You can also install the Splunk App for Windows Infrastructure on a non-Windows Splunk instance to display Windows data coming from external Windows sources, such as universal forwarders that run the Splunk Add-on for Windows or the Splunk Add-on for Active Directory suite.
Neither Splunk nor the Splunk App for Windows Infrastructure runs on:
- Windows 95, 98, or Me
- Windows NT Workstation or Server 3.1, 3.5, or 4.0
- Windows 2000 Workstation or Server
What versions of Splunk does the app support?
- All Splunk indexers and any Splunk search heads (the Splunk servers which index and search data on a distributed central Splunk instance) require Splunk version 6.0 or later.
- All Splunk universal forwarders require version 6.0 or later.
What browsers does the Splunk App for Windows Infrastructure support?
The Splunk App for Windows Infrastructure supports all browsers that the current version of Splunk Enterprise supports, with the exception of Internet Explorer versions 7 or 8.
What are the other prerequisites?
The Splunk Add-on for Windows
To collect data from the Windows servers in your environment, you need the Splunk Technology Add-on for Windows. This add-on installs into the universal forwarder that you install on the Windows servers from which you want to collect Windows data. Optionally, it also installs onto all indexers in the central Splunk App for Windows Infrastructure instance (provided that those servers run Windows).
The Splunk Add-on for Windows can be downloaded from Splunk Apps.
The Splunk Add-on for Active Directory suite
The Splunk Add-on for Active Directory suite - including the Supporting Add-on for Active Directory (SA-Ldapsearch) - must be installed on the central Splunk instance.
The installation package for the Splunk App for Windows Infrastructure includes this suite of add-ons for Active Directory. You can download the Supporting Add-on for Active Directory from Splunk Apps.
The Splunk Add-on for PowerShell
If you run Windows Server 2012 R2 and plan to deploy the TA_DomainController_2012R2 add-on to gather Active Directory statistics, you need to also download and install the Splunk Add-on for PowerShell.
You can download the Splunk Add-on for PowerShell from Splunk Apps.
Administrative access to Windows servers
You must have administrative access to all Windows servers in the Splunk App for Windows Infrastructure deployment. The central servers require this access to install Splunk; any servers in the field also require this access to install universal forwarders. Splunk also must run as a user with administrative access to the machine.
A proficient understanding of distributed Splunk deployments
If you plan for your Splunk App for Windows Infrastructure deployment to monitor a large number of Windows servers, or even a small number, you must understand how distributed Splunk works. You must understand this concept both on the instance of Splunk that hosts the app and on the universal forwarders that send data to the app. Read the following core Splunk Enterprise topics for additional information:
- "Distributed overview" - A high level description of distributed Splunk.
- "About forwarding and receiving data" - A primer on how data forwarding works.
- "About distributed search" - A primer on how distributed search works.
Time (and patience)
Depending on the size of your Windows or Active Directory network, it takes time to get a Splunk App for Windows Infrastructure deployment up and running correctly. You will spend time procuring hardware, identifying servers you want to monitor, installing the Splunk App for Windows Infrastructure and its associated add-ons, tweaking configurations, and troubleshooting any issues you come across. Whether or not you automate certain processes (through tools such as Splunk's deployment server or Microsoft's System Center) determines how much time you spend on the project.
If your deployment is large or complex, you might want to contact Splunk's Professional Services for assistance.
This documentation applies to the following versions of Splunk® App for Windows Infrastructure: 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4