Splunk® App for Windows Infrastructure

Deploy and Use the Splunk App for Windows Infrastructure

Download manual as PDF

This documentation does not apply to the most recent version of MSApp. Click here for the latest version.
Download topic as PDF

Download and configure the Splunk Add-on for Windows DNS

This topic discusses how to download and configure the Splunk Add-on for Windows DNS and deploy them to your deployment clients so that they forward DNS information to the Splunk App for Windows Infrastructure indexer.

The Splunk Add-on for Windows DNS collects DNS data and is available on Splunkbase. When you install the add-on into universal forwarders on your DNS servers, the add-on collects DNS data and sends it to the Splunk App for Windows Infrastructure.

More information about the DNS add-on

The following table lists details about the Splunk Add-on for Windows DNS.

Add-on Description
Splunk_TA_microsoft_dns For DNS servers that run Windows Server 2008/2008 R2 and later

Download the Splunk Add-on for Windows DNS

Like the Splunk Add-on for Microsoft Active Directory, the Splunk Add-on for Windows DNS is available on Splunkbase. Make sure you download the latest version of the app. You might need to sign in with your Splunk account before the download starts.

  1. In a web browser, proceed to the Splunk Add-on for Windows DNS download page.
  2. Click the download link to begin the download process.
  3. When prompted, choose an accessible location on your deployment server to save the download. Do not attempt to run the download.
  4. Use an archive utility such as WinZip to unarchive the file to an accessible location, such as the C:\Program Files\SplunkUniversalForwarder\etc\apps directory.

Configure the Splunk Add-ons for Windows DNS

The Splunk Add-on for Windows DNS does not require configuration by default. When you install it onto DNS servers, it immediately begins collecting data as long as you have configured DNS debug logging.

What's next?

You have downloaded the Splunk App for Windows Infrastructure and can now access the Splunk Add-ons for Window DNS. The next step involves deploying those add-ons into the universal forwarders that you install on your Active Directory DNS servers.

Last modified on 11 March, 2019
Configure Windows Domain Name Server
Confirm and troubleshoot DNS data collection

This documentation applies to the following versions of Splunk® App for Windows Infrastructure: 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.5.1


Hi Daniel333,

See https://docs.splunk.com/Documentation/MSApp/latest/MSInfra/DownloadandconfiguretheSplunkAdd-onsforWindowsDNS#Configure_the_Splunk_Add-ons_for_Windows_DNS for debug options.

Nicolen splunk, Splunker
June 11, 2019

Hi Yungd,

After unzipping the Splunk Add-on for Windows DNS, move the folder to
C:\Program Files\SplunkUniversalForwarder\etc\apps directory.

Nicolen splunk, Splunker
June 7, 2019

What debug options do we have to enable for functionality with the Infra app and Splunk ES ?

August 14, 2018

After unzipping the Splunk Add-on for Windows DNS, where should I move the folder Splunk_TA_microsoft_dns? Should this exist in C:\Program Files\SplunkUniversalForwarder\etc\apps?

July 10, 2018

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters