Splunk® App for Windows Infrastructure (Legacy)

Deploy and Use the Splunk App for Windows Infrastructure

On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for Windows Infrastructure (Legacy). For documentation on the most recent version, go to the latest release.

What a Splunk App for Windows Infrastructure deployment looks like

This topic discusses the overall architecture of a Splunk App for Windows Infrastructure deployment.

Introduction

A Splunk App for Windows Infrastructure deployment consists of a Splunk Enterprise instance (that contains the index and runs Splunk Web, and that users access to view the app) and a number of universal forwarders--one for each Active Directory or Windows server you want to include in the deployment.

This setup procedure guides you through the install of nearly all components on one hosts. This means that:

  • The host will act as the indexer to receive incoming data from forwarders.
  • The host will act as a deployment server to manage forwarders and deploy apps and configurations.
  • The host will act as a search head to host the app and view the incoming data.

Only the universal forwarders in this deployment will be on different hosts. This helps reduce confusion on what components need to be installed where. Once you have an understanding of how the app and its components work, you can read the topic on how to scale the deployment for increased performance on larger environments.

How it comes together

The diagram below depicts an example Splunk App for Windows Infrastructure deployment.

Winfra 11 Setup Basic.png

In this deployment:

  • You set up a Splunk Enterprise instance that acts as the indexer.
  • You configure the instance to be a deployment server. The deployment server handles apps, add-ons, and other configurations for universal forwarders that connect to it (deployment clients).
  • You install a universal forwarder on each Windows and Active Directory host in your environment. You tell the forwarder to connect to the deployment server.
  • You configure the deployment server to install the add-ons which collect the appropriate data for the role that server plays in the Windows deployment. The universal forwarder then sends that data to the indexer.

Get started

The next page details the installation of the first piece of your Splunk App for Windows Infrastructure deployment: setting up the indexer that will act as the hub for the entire operation.

Last modified on 26 June, 2016
What data the Splunk App for Windows Infrastructure collects   How to deploy the Splunk App for Windows Infrastructure

This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.1.0, 1.1.1, 1.1.2, 1.1.3, 1.2.0, 1.2.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters