Splunk® App for Windows Infrastructure (Legacy)

Deploy and Use the Splunk App for Windows Infrastructure

On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for Windows Infrastructure (Legacy). For documentation on the most recent version, go to the latest release.

How to upgrade the Splunk App for Windows Infrastructure

The commands shown in this topic are PowerShell. If you use *nix, substitute the PowerShell directives with their *nix counterparts. If you use different directories for Splunk Enterprise and deployment server, substitute the directories shown with your specific directories.

The search head is the Splunk Enterprise instance that runs the Splunk App for Windows Infrastructure and shows all of the app data. These upgrade instructions should be performed on any host that has been designated as a search head in your deployment.

  1. In case of standalone search head, remove the existing default.xml file from the local folder etc/apps/splunk_app_windows_infrastructure/local/data/ui/nav on the search head.
  2. (Optional) Backup local changes (local folder) created on the search head and search head deployer.
  3. Put the new Splunk App for Windows Infrastructure in the etc/shcluster/apps/ directory on your search head deployer. If you have a single search head, put the new Splunk App for Windows Infrastructure in etc/apps/.
  4. Remove windows_apps.csv from the app:
    • Remove windows_apps.csv lookup if available from etc/shcluster/apps/splunk_app_windows_infrastructure/lookups on the search head deployer. In case of standalone search head, remove it from etc/apps/splunk_app_windows_infrastructure/lookups.
    • Remove following windows_apps lookup definition from etc/shcluster/apps/splunk_app_windows_infrastructure/local/transforms.conf if available on the search head deployer. In case of standalone searchhead, remove it from etc/apps/splunk_app_windows_infrastructure/local/transforms.conf if available on SH.
    [windows_app_lookup]
filename = windows_apps.csv

[windows_apps]
filename=windows_apps.csv
max_matches=1
  5. Push the updated bundle from the search head deployer to all your search heads.
  6. Once the app is pushed successfully, run the guided setup again on any one of the search heads.

Troubleshoot permissions issues after an upgrade

The Splunk App for Windows Infrastructure installs a new user role, winfra-admin. The Splunk user that uses the Splunk App for Windows Infrastructure must have this role, otherwise the app will not function correctly.

If, during the first time process, you see that the app does not find any data and you know that the data exists (such as in the case of an upgrade), be sure to add the winfra-admin role to the user that uses the app, as described in the troubleshooting page.

Last modified on 13 July, 2021
Install the Splunk App for Windows Infrastructure using self service installation on Splunk Cloud   Upgrade from version 1.0.x

This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.5.1, 1.5.2, 2.0.0, 2.0.1, 2.0.2

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters