Install the add-ons into universal forwarders
The Splunk App for Windows Infrastructure uses included add-ons to collect data from the Windows and Active Directory servers in your Windows environment. To activate the add-ons, you must install them into universal forwarders that you have installed on the Windows servers.
You can install the add-ons in one of two ways.
- Manually. This process involves copying folders from the Splunk App for Windows Infrastructure installation package to the universal forwarder directory on each server.
- With a deployment server. This process is similar to copying the files manually, except that you copy them to only one place: the deployment server. You then configure each universal forwarder as a deployment client and tell the clients to connect to the deployment server to get the needed configurations.
The table below shows you where the add-ons should be installed, based on your Windows deployment's server layout.
If the server: | and it runs: | then install or deploy: |
---|---|---|
does not have an Active Directory role | any supported version of Windows Server | Splunk_TA_Windows |
is a domain controller | Windows Server 2003 or Server 2003 R2 | Splunk_TA_Windows, TA-DomainController-NT5 |
is a domain controller | Windows Server 2008, Server 2008 R2, Server 2008 R2 Core, or Server 2012 | Splunk_TA_Windows, TA-DomainController-NT6 |
is a domain controller | Windows Server 2012 R2 | Splunk_TA_Windows, TA-DomainController-2012r2, SA-ModularInput-PowerShell |
is a DNS server | Windows Server 2003 or Server 2003 R2 | Splunk_TA_Windows, TA-DNSServer-NT5 |
is a DNS server | Windows Server 2008, Server 2008 R2, Server 2008 R2 Core, Server 2012, or Server 2012 R2 | Splunk_TA_Windows, TA-DNSServer-NT6 |
is a domain controller and a DNS server | Windows Server 2003 or Server 2003 R2 | Splunk_TA_Windows, TA-DomainController-NT5, TA-DNSServer-NT5 |
is a domain controller and a DNS server | Windows Server 2008, Server 2008 R2, Server 2008 R2 Core, or Server 2012 | Splunk_TA_Windows, TA-DomainController-NT6, TA-DNSServer-NT6 |
is a domain controller and a DNS server | Windows Server 2012 R2 | Splunk_TA_Windows, TA-DomainController-2012r2, TA-DNSServer-NT6, SA-ModularInput-PowerShell |
More information about the add-ons
The following table shows where to find the add-ons and what each add-on provides.
Add-on: | Where to find it: | What it provides: |
---|---|---|
TA-DomainController-NT5 / TA-DomainController-NT6 | In the Splunk App for Windows Infrastructure installation package, at splunk_app_windows_infrastructure\appserver\addons | Active Directory statistics |
TA-DomainController-2012r2 | In the Splunk App for Windows Infrastructure installation package, at splunk_app_windows_infrastructure\appserver\addons | Active Directory statistics for computers that run Windows Server 2012 R2 only. Requires the Splunk Add-on for Microsoft PowerShell. |
TA-DNSServer-NT5 / TA-DNSServer-NT6 | In the Splunk App for Windows Infrastructure installation package, at splunk_app_windows_infrastructure\appserver\addons | Windows DNS server statistics, DNS server logs |
Splunk Add-on for Windows (Splunk_TA_Windows) | On Splunk Apps. | Windows statistics (Event logs, Registry/network/host/print monitoring) |
Splunk Add-on for PowerShell (SA-ModularInput-PowerShell) | On Splunk Apps. | Extensions for PowerShell. Required by the TA-DomainController-2012r2 add-on. |
How to deploy the add-ons into the universal forwarders
Installing the add-ons into the universal forwarders involves placing the add-on folders into %SPLUNK_HOME%\etc\apps on each forwarder. You can do this either with a Splunk deployment server, or manually.
- If you have a deployment server and want to use it to deploy the add-ons, then copy the add-on folders from the Splunk App for Windows Infrastructure installation package into %SPLUNK_HOME%\etc\deployment-apps ($SPLUNK_HOME/etc/deployment-apps on *nix servers) on the deployment server. Then, configure server classes on the deployment server to deploy the add-on(s) to the correct server(s).
- If you do not have a deployment server, or do not want to use one to deploy the add-ons, then you must manually copy the add-on(s) from the Splunk App for Windows Infrastructure installation package to %SPLUNK_HOME%\etc\apps on each Windows server with a universal forwarder. Review the tables above to determine on which servers the add-ons should go.
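The manual method, written as a PowerShell script that picks the add-ons for the local server from the first table and copies them into the forwarder. This is an added example, not part of the Splunk documentation or the app package. It assumes that all add-on folders (including the two downloaded from Splunk Apps) are staged side by side in the hypothetical folder `$Source`, that `$SplunkHome` is the forwarder's install directory, and that role detection through WMI and the `DNS` service is acceptable in your environment.

```powershell
param(
    [string]$Source     = 'C:\Temp\addons',                             # hypothetical staging folder
    [string]$SplunkHome = 'C:\Program Files\SplunkUniversalForwarder',  # assumed install path
    [switch]$WhatIf                                                     # preview without copying
)

# Map server role and Windows version to add-on folders, following the table above.
function Get-AddonList {
    param([bool]$IsDomainController, [bool]$IsDnsServer, [version]$OsVersion)

    $family = switch ("$($OsVersion.Major).$($OsVersion.Minor)") {
        '5.2' { 'NT5' }      # Server 2003, Server 2003 R2
        '6.0' { 'NT6' }      # Server 2008
        '6.1' { 'NT6' }      # Server 2008 R2 (and Core)
        '6.2' { 'NT6' }      # Server 2012
        '6.3' { '2012r2' }   # Server 2012 R2
    }
    # Fail loudly rather than guess when the table has no row for this version.
    if (($IsDomainController -or $IsDnsServer) -and -not $family) {
        throw "No role add-on is listed for Windows version $OsVersion"
    }

    $addons = @('Splunk_TA_Windows')   # every server gets the base add-on
    if ($IsDomainController) {
        $addons += "TA-DomainController-$family"
        if ($family -eq '2012r2') { $addons += 'SA-ModularInput-PowerShell' }
    }
    if ($IsDnsServer) {
        # The table lists TA-DNSServer-NT6 for Server 2012 R2 as well.
        $addons += $(if ($family -eq 'NT5') { 'TA-DNSServer-NT5' } else { 'TA-DNSServer-NT6' })
    }
    return $addons
}

$cs    = Get-WmiObject Win32_ComputerSystem
$os    = Get-WmiObject Win32_OperatingSystem
$isDc  = $cs.DomainRole -ge 4    # 4 = backup domain controller, 5 = primary
$isDns = [bool](Get-Service -Name 'DNS' -ErrorAction SilentlyContinue)   # DNS Server service
$dest  = Join-Path $SplunkHome 'etc\apps'

foreach ($addon in Get-AddonList $isDc $isDns ([version]$os.Version)) {
    $from = Join-Path $Source $addon
    if (-not (Test-Path $from)) {
        Write-Warning "Not found in staging folder: $from"
        continue
    }
    Copy-Item -Path $from -Destination $dest -Recurse -Force -WhatIf:$WhatIf
    Write-Output "$addon -> $dest"
}
```

Run it with `-WhatIf` first to confirm which folders would be copied on a given server.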
This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4