Splunk® App for Windows Infrastructure (Legacy)

Deploy and Use the Splunk App for Windows Infrastructure

On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for Windows Infrastructure (Legacy). For documentation on the most recent version, go to the latest release.

Configure the Splunk App for Windows Infrastructure

This topic discusses how to configure the Splunk App for Windows Infrastructure, and describes what you see when you run the app for the first time.

First time configuration

After you install the Splunk App for Windows Infrastructure, when you load the app, it presents you with the following dialog box:

Winfra 10 FirstTimeRun1.png

This dialog box lets the Splunk App for Windows Infrastructure detect what data has already been collected and determine which dashboards it should display. While you do not need to let it run the detection process, it is a good idea to do so.

To begin the detection process, click the green Start button in the dialog box. To skip the detection process, click the Skip button.

If you click the "Skip" button, the Splunk App for Windows Infrastructure displays the main configuration page.

If you click the "Start" button, the app displays the "Detecting" dialog box as it searches for existing data:

Winfra 10 FirstTimeRun2.png

You can stop the detection progress at any time by clicking the Cancel button in the lower left corner of the dialog box.

Once the detection process has completed, the "Cancel" button becomes a Close button which, when you click it, clears the detection dialog box and shows the following page:

Winfra 10 FirstTimeRun3.png

This is the main configuration panel for the Splunk App for Windows Infrastructure. The page contains two sections:

  • Windows: This section displays options based on data that has already been collected with the Splunk App for Windows and the Windows inputs in the core Splunk Enterprise product. If the Splunk App for Windows Infrastructure detects that Windows data has been collected, it enables the checkbox next to the type of Windows data that has been collected. Each of these entries is also a dashboard in the Splunk App for Windows Infrastructure.
  • Active Directory: This section displays options based on data that has already been collected with the Splunk App for Active Directory and associated Active Directory inputs in the core Splunk Enterprise product. If the Splunk App for Windows Infrastructure detects that Active Directory data has been collected, it enables the checkbox next to the type of Active Directory data that is present. Each of these entries is also a dashboard.

Important: This configuration page relies on data that has already been collected. If you have not collected any data, then the detection process will not enable any dashboards.

If you skipped the detection process, the Splunk App for Windows Infrastructure displays this page with all dashboards enabled.

Once you have confirmed the dashboards you want to enable, click the Finish and Save button to go to the main Splunk App for Windows Infrastructure page.

You can also click the Detect button to run the detection process again.

Last modified on 31 March, 2014
Log in and get started   Dashboard reference

This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters