Splunk® App for Windows Infrastructure (Legacy)

Deploy and Use the Splunk App for Windows Infrastructure

On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for Windows Infrastructure (Legacy). For documentation on the most recent version, go to the latest release.

Download and configure the Splunk Add-on for Microsoft Active Directory

The Splunk Add-on for Microsoft Active Directory is available on Splunkbase. When you download and deploy the add-ons to domain controllers, the add-ons collect Active Directory data and send it to Splunk App for Windows Infrastructure indexers.

More information about the Active Directory add-ons

The following table lists details about the Active Directory add-on.

Add-on Description
Splunk_TA_microsoft_ad For Active Directory domain controllers that run Windows Server 2008, 2008 R2, 2012 R2 and later. Requires the Splunk Add-on for PowerShell.

Download the Splunk Add-on for Microsoft Active Directory

The Splunk Add-ons for Microsoft Active Directory and PowerShell are available on Splunkbase.

Download the add-on package and save it to an accessible place on the deployment server:

  1. In a web browser, proceed to the Splunk Add-on for Active Directory download page.
  2. Click the download link to begin the download process. You might need to sign in with your Splunk account before the download starts.
  3. When prompted, choose an accessible location on your deployment server to save the download. Do not attempt to run the download.
  4. Repeat this process for the Splunk Add-on for PowerShell.
  5. Use an archive utility such as WinZip to unarchive the file to an accessible location.

Configure the Splunk Add-on for Microsoft Active Directory

The Splunk Add-on for Microsoft Active Directory do not require any configuration edits by default. When you deploy them onto Active Directory domain controllers, they immediately begin collecting data as long as you have configured audit policy.

Next steps

You have downloaded the Splunk Add-on for Microsoft Active Directory. The next step involves deploying those add-ons into the universal forwarders that you install on your Active Directory domain controllers.

Last modified on 31 October, 2016
Configure PowerShell Execution policy in Active Directory   Deploy the Splunk Add-on for Microsoft Active Directory

This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.3.0, 1.4.0


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters