Deploy the Splunk Add-on for Windows

This topic discusses deploying the Splunk Add-on for Windows to the deployment clients that you have configured to connect to the deployment server. Once you deploy the add-on, the deployment clients begin collecting Windows data and sending it to the indexer.

Place the add-on in the deployment apps directory on the deployment server

The deployment server must be made aware of the new app. You do this by placing it in the deployment apps directory:

1. Open a command prompt on the deployment server/indexer.
2. Copy the entire Splunk Add-on for Windows folder from its current location to the deployment apps directory:

> Copy-Item -Path C:\Downloads\Splunk_TA_Windows -Destination "C:\Program Files\Splunk\etc\deployment-apps\Splunk_TA_Windows" -Recurse

3. Tell the deployment server to reload its deployment configuration.

> cd \Program Files\Splunk\bin
> .\splunk reload deploy-server

4. From a web browser, log into Splunk Enterprise on the deployment server.
5. In the system bar, select Settings > Forwarder Management.
6. Click the Apps tab. You should see the Splunk_TA_Windows add-on in the list of apps.
7. In the "Splunk_TA_Windows" add-on entry in the list, click Edit. Splunk Enterprise loads the "Edit App: Splunk_TA_Windows" page.
8. Click the gray "+" sign under "Server Classes".
9. Select the "Universal Forwarders" server class you created during initial setup.. Splunk Enterprise displays the deployment clients that will receive the app in the lower half of the page. You should see the deployment client that you set up previously.
10. Click Save. Splunk Enterprise saves the configuration, returns you to the Forwarder Management menu, and deploys the Splunk_TA_Windows app to the deployment client.

What's next?

You have now deployed the Splunk Add-on for Windows onto your deployment client. In the future, you can use this procedure to deploy the add-on to additional clients.

Next, you will confirm that Windows data is coming into the indexer.