How to deploy the Splunk App for Windows Infrastructure
A new installation sequence
The Splunk App for Windows Infrastructure has a new installation sequence for version 1.1 and later. To help improve facilitation of the installation experience, it has been broken up into several chapters.
To complete an installation, complete the chapters below in sequence.
What if I know how to install Splunk Enterprise and Splunk apps?
If you already have indexers, search heads, forwarders, and a deployment server set up, then you can skip most of the basic infrastructure setup chapter.
If you have experience installing Splunk Enterprise, then perform the installation methods you are comfortable with. It is still a good idea to review the new procedure to get an understanding of how the components work together.
The process is as follows:
- Set up indexer(s) to receive data.
- Configure universal forwarders to forward data to the indexers.
- Follow the "Getting Data In" topics to get the required data into the indexers.
- Follow the "Complete Setup" topics to set up the app on search heads.
- Run the guided setup experience to check for data presence and correct any problems.
Where to install components
The table below lists what components to install and where to install them.
Search Head | Indexer | Univ. Fwder. | Deploy. Serv. | |
---|---|---|---|---|
Splunk App for Windows Infrastructure | X | |||
Splunk Add-on for Windows1 | X | X | X | XW |
"Send to indexer" app2 | X | |||
Splunk Add-ons for Active Directory3 | X | |||
Splunk Add-ons for Windows DNS3 | X | |||
Splunk Supporting Add-on for Active Dir. | X |
- This add-on requires configuration before you deploy it.
- You only require this app when you use a deployment server and want to control all forwarding configurations from there.
- You must install the correct add-on for the correct version of Windows or Exchange Server and role.
- W. Only if this host runs Windows and you want to monitor it with the app.
Set up basic infrastructure
This chapter sets up the basic building blocks for the environment.
- Install and configuring a Splunk indexer.
- Create the "send to indexer" app. This app configures forwarding on hosts that send data to the indexer.
- Set up a deployment server to manage the "send to indexer" and other apps.
- Install a universal forwarder on each Windows host and tell them to contact the deployment server for configuration and app downloads.
- As each universal forwarder connects, add them to a base "universal forwarder" server class to turn them into deployment clients.
Once you complete this chapter, you have the basic framework for a deployment.
Get Data In
The next chapters take you through configuring the apps and add-ons that the Splunk App for Windows Infrastructure needs and deploying them to the right deployment clients. At the end of each chapter, you can confirm that data is present on the indexer by running some sample search commands.
- The "Get Windows data" chapter discusses getting Windows data into the indexer. Follow it from beginning to end to install the Splunk Add-on for Windows on every Windows machine in the environment.
- The "Get Active Directory data" chapter details configuring Active Directory and getting AD data into the indexer. Complete the instructions in this chapter to install the Splunk Add-ons for Active Directory on Active Directory hosts in the environment.
- The "Get Domain Name Services (DNS) data" chapter provides instructions on how to get Windows DNS data into the service. Perform the procedures in this chapter to deploy the Splunk Add-ons for Windows DNS on DNS hosts and get DNS data.
Complete setup
After getting data in and confirming that it is there, complete setup.
Run the guided setup experience
After you add a license, activate the app.
- Log into the indexer and select the app to start the guided setup experience.
- Follow the prompts to confirm prerequisites, locate minimum data requirements, and configure aliases. You might need to go to other apps like the Splunk Supporting App for Active Directory to add or change configurations.
- The app searches for your data, builds lookups and data models, and enables features and pages.
- After it completes, it is ready for you to use! You can head over to the Reference manual to learn about the new pages that come with the app, and how to use all of the pages.
What a Splunk App for Windows Infrastructure deployment looks like | Install and configure a Splunk Enterprise Indexer |
This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1
Feedback submitted, thanks!