Splunk® App for Windows Infrastructure (Legacy)

Deploy and Use the Splunk App for Windows Infrastructure

On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for Windows Infrastructure (Legacy). For documentation on the most recent version, go to the latest release.

Install the add-ons into universal forwarders

The Splunk App for Windows Infrastructure uses included add-ons to collect data from the Windows and Active Directory servers in your Windows environment. To activate the add-ons, you must install them into universal forwarders that you have installed on the Windows servers.

You can install the add-ons in one of two ways.

  • Manually. This process involves copying folders from the Splunk App for Windows Infrastructure installation package to the universal forwarder directory on each server.
  • With a deployment server. This process is almost like copying the files manually, but you instead copy them to only one place. Once the files are there, you configure each universal forwarder as a deployment client and tell the clients to connect to the deployment server to get the needed configurations.

The table below shows you where the add-ons should be installed, based on your Windows deployment's server layout.

If the server: and it runs: then install or deploy:
does not have an Active Directory role any supported version of Windows Server Splunk_TA_Windows
is a domain controller Windows Server 2003 or Server 2003 R2 Splunk_TA_Windows
TA-DomainController-NT5
Windows Server 2008, Server 2008 R2, Server 2008 R2 Core, or Server 2012 Splunk_TA_Windows
TA-DomainController-NT6
Windows Server 2012 R2 Splunk_TA_Windows
TA-DomainController-2012r2
SA-ModularInput-PowerShell
is a DNS server Windows Server 2003 or Server 2003 R2 Splunk_TA_Windows
TA-DNSServer-NT5
Windows Server 2008, Server 2008 R2, Server 2008 R2 Core, Server 2012, or Server 2012 R2 Splunk_TA_Windows
TA-DNSServer-NT6
is a domain controller and a DNS server Windows Server 2003 or Server 2003 R2 Splunk_TA_Windows
TA-DomainController-NT5
TA-DNSServer-NT5
Windows Server 2008, Server 2008 R2, Server 2008 R2 Core, or Server 2012 Splunk_TA_Windows
TA-DomainController-NT6
TA-DNSServer-NT6
Windows Server 2012 R2 Splunk_TA_Windows
TA-DomainController-2012r2
TA-DNSServer-NT6
SA-ModularInput-PowerShell

More information about the add-ons

The following table shows where to find the add-ons and what each add-on provides.

Add-on: Where to find it: What it provides:
TA-DomainController-NT5 /
TA-DomainController-NT6
In the Splunk App for Windows Infrastructure installation package, at splunk_app_windows_infrastructure\appserver\addons Active Directory statistics
TA-DomainController-2012r2 In the Splunk App for Windows Infrastructure installation package, at splunk_app_windows_infrastructure\appserver\addons Active Directory statistics for computers that run Windows Server 2012 R2 only. Requires the Splunk Add-on for Microsoft PowerShell.
TA-DNSserver-NT5 /
TA-DNSServer-NT6
In the Splunk App for Windows Infrastructure installation package, at splunk_app_windows_infrastructure\appserver\addons Windows DNS server statistics, DNS server logs
Splunk Add-on for Windows (Splunk_TA_Windows) On Splunk Apps. Windows statistics (Event logs, Registry/network/host/print monitoring)
Splunk Add-on for PowerShell (SA-ModularInput-PowerShell On Splunk Apps. Extensions for PowerShell. Required by the TA-DomainController-2012r2 add-on.

How to deploy the add-ons into the universal forwarders

Installing the apps into the universal forwarders involves placing the add-on folders into %SPLUNK_HOME%\etc\apps on each forwarder. You can do this either with a Splunk deployment server, or manually.

  • If you have a deployment server and want to use it to deploy the app, then copy the add-on folders from the Splunk App for Windows Infrastructure installation package into %SPLUNK_HOME%\etc\deployment-apps ($SPLUNK_HOME/etc/deployment-apps on *nix servers) on the deployment server. Then, configure server classes on the deployment server to deploy the add-on(s) to the correct server(s).
  • If you do not have a deployment server, or do not want to use one to deploy the app, then you must manually copy the add-on(s) from the Splunk App for Windows Infrastructure installation package to %SPLUNK_HOME%\etc\apps on each Windows server with a universal forwarder. Review the tables above to determine on which servers the add-ons should go.
Last modified on 02 June, 2014
Make configuration changes to match your existing environment   Enable auditing and local PowerShell script execution on Active Directory servers

This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters