Splunk® App for Windows Infrastructure (Legacy)

Deploy and Use the Splunk App for Windows Infrastructure

On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for Windows Infrastructure (Legacy). For documentation on the most recent version, go to the latest release.

Install the Splunk App for Windows Infrastructure on the Search Head

The Splunk App for Windows Infrastructure lets you view all of the data that you have collected during the setup process. This topic discusses installing the app as well as some required add-ons (described in detail) that complete the process and allow you to use the app.

Final setup phase

If you have followed the instructions in this manual, then by completing the procedures in this topic, you will complete the setup phase for the app.

The final tasks for setup are:

  • Install the Splunk Add-on for Windows on the search head.
  • Install the Splunk Supporting Add-on for Active Directory on the search head.
  • Install the Splunk App for Windows Infrastructure on the search head.

In this procedure, you will install all of these components on the same server that you set up in the basic infrastructure step.

Where is the search head?

In this manual, the search head is the indexer that you first set up. All Splunk Enterprise instances have an inherent capability of being a search head when they hold indexed data.

When you scale the Splunk App for Windows Infrastructure, the search head is on a separate host from the indexer. See Size a Splunk App for Windows Infrastructure deployment.

Install the Splunk Add-on for Windows

As part of getting Windows data into the instance, you have already installed the Splunk Add-on for Windows. To activate the Splunk Add-on for Windows for the Splunk App for Windows Infrastructure, copy the add-on from either the location where you saved the download or the deployment apps directory to the Splunk apps directory:

> Copy-Item -Path "C:\Program Files\Splunk\etc\deployment-apps\Splunk_TA_windows" -Destination "C:\Program Files\Splunk\etc\apps" -Recurse -Force

Install the Splunk Supporting Add-on for Active Directory (SA-ldapsearch)

Next, install and configure the Splunk Supporting Add-on for Active Directory in the Splunk apps directory:

  1. In a web browser, proceed to the Splunk Supporting Add-on for Active Directory download page.
  2. Click the download link to begin the download process.
    • Make sure you download the latest version of the add-on.
    • You might need to sign in with your Splunk account before the download starts.
  3. When prompted, choose an accessible location on your deployment server to save the download. Do not attempt to run the download.
  4. Use an archive utility such as WinZip or tar to unarchive the file to the Splunk apps directory.
  5. The Splunk Supporting Add-on for Active Directory (SA-ldapsearch) must be configured properly and reside on all search heads in the deployment. See Configure the Splunk Supporting Add-on for Active Directory.

Install the Splunk App for Windows Infrastructure

The final piece of software to install is the Splunk App for Windows Infrastructure itself.

As part of getting Active Directory data into the instance, you have already downloaded the Splunk App for Windows Infrastructure. To activate the app:

  1. Copy it from the location where you previously saved the download to the Splunk apps directory:
    > Copy-Item -Path "C:\Downloads\splunk_app_windows_infrastructure" -Destination "C:\Program Files\Splunk\etc\apps" -Recurse -Force
    
  2. Restart Splunk Enterprise on each machine in the instance.
  3. Log back in to Splunk Enterprise.
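
Before the restart in step 2, you can confirm that all three components landed in the apps directory with the expected layout. The following script is an added example, not part of the original Splunk documentation; it assumes the default install path used in this topic and that the Active Directory add-on unpacks to a folder named SA-ldapsearch. Checking for default\app.conf also catches an archive that was extracted one folder level too deep.

```powershell
# Added example: confirm the three components from this topic are in the apps directory.
param(
    # Default install path used in this topic; override if Splunk is installed elsewhere.
    [string]$AppsDir = 'C:\Program Files\Splunk\etc\apps'
)

# The first and third names appear in the Copy-Item commands in this topic;
# 'SA-ldapsearch' is assumed to be the folder the add-on archive unpacks to.
$Required = 'Splunk_TA_windows', 'SA-ldapsearch', 'splunk_app_windows_infrastructure'

function Get-SplunkAppStatus {
    param([string]$AppsDir, [string]$Name)

    # A correctly placed app has <apps>\<name>\default\app.conf.
    $appConf = Join-Path (Join-Path (Join-Path $AppsDir $Name) 'default') 'app.conf'
    $status  = [pscustomobject]@{ Name = $Name; Installed = $false; Version = $null }

    if (Test-Path -LiteralPath $appConf -PathType Leaf) {
        $status.Installed = $true
        # Read the first "version = x.y.z" line from app.conf, if there is one.
        $line = Select-String -LiteralPath $appConf -Pattern '^\s*version\s*=\s*(\S+)' |
                Select-Object -First 1
        if ($line) { $status.Version = $line.Matches[0].Groups[1].Value }
    }
    return $status
}

$results = foreach ($name in $Required) {
    Get-SplunkAppStatus -AppsDir $AppsDir -Name $name
}
$results | Format-Table -AutoSize

# Stop with a non-zero exit code if anything is missing or misplaced.
$missing = @($results | Where-Object { -not $_.Installed })
if ($missing.Count -gt 0) {
    Write-Warning ("Not found under {0}: {1}" -f $AppsDir, ($missing.Name -join ', '))
    exit 1
}
Write-Output 'All three components are present; restart Splunk Enterprise.'
```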

Add the "winfra-admin" role to the user that will run the app on the search head

To use the Splunk App for Windows Infrastructure, the winfra-admin role must be present. The Splunk App for Windows Infrastructure provides this role, but you must assign it to the user that will run the app.

  1. Log into Splunk Enterprise on the deployer.
  2. In the system bar, click Settings > Access controls.
  3. Click Users.
  4. Click the user that will run the application. Splunk Enterprise displays the information page for the user.
  5. In the Assign to roles section, in the Available roles column, click the winfra-admin role. The role moves from the Available roles column to the Selected roles column. Note: If you do not see the winfra-admin role in the list, make sure that you have installed the application, as described in "Install the Splunk App for Windows Infrastructure on the deployer".
  6. Click Save. Splunk Enterprise assigns the role to the user you selected.

What's next?

You have completed setup of the Splunk App for Windows Infrastructure.

Now, you can log into Splunk Enterprise and complete the first-time setup experience.

Last modified on 13 July, 2021

This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.5.0, 1.5.1, 1.5.2, 2.0.0, 2.0.1, 2.0.2

