Splunk® App for Windows Infrastructure (Legacy)

Deploy and Use the Splunk App for Windows Infrastructure

On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.

How to upgrade the Splunk App for Windows Infrastructure

The commands shown in this topic are PowerShell. If you use *nix, substitute the PowerShell directives with their *nix counterparts. If you use different directories for Splunk Enterprise and deployment server, substitute the directories shown with your specific directories.

The search head is the Splunk Enterprise instance that runs the Splunk App for Windows Infrastructure and shows all of the app data. Perform these upgrade instructions on any host that has been designated as a search head in your deployment.

  1. (Only applies if you are upgrading from v2.0.2 or below) Remove the role "winfra-admin" from all the users. This is important because this role has been removed from Splunk App for Windows Infrastructure v2.0.3 or higher. There can be unexpected errors if any of the user is still assigned with this role after upgrade.
  2. In case of standalone search head, remove the existing default.xml file from the local folder etc/apps/splunk_app_windows_infrastructure/local/data/ui/nav on the search head.
  3. (Optional) Backup local changes (local folder) created on the search head and search head deployer.
  4. (Only applies if you are if upgrading from v2.0.2 or below) As "winfra-admin" role is removed from the app, follow these steps to remove the definition of "winfra-admin" role from the app package on your search head deployer:
    1. Remove authorize.conf file from etc/shcluster/apps/splunk_app_windows_infrastructure/default/. If you have single search head, remove the authorize.conf file from the etc/apps/splunk_app_windows_infrastructure/default/ directory. This needs to be removed from the splunk_app_windows_infrastructure/default/ directory because the new package doesn't contain an authorize.conf file.
    2. Remove the [role_winfra-admin] stanza and its related values from the etc/shcluster/apps/splunk_app_windows_infrastructure/local/authorize.conf. If you have single search head, remove the [role_winfra-admin] stanza and its related values from etc/apps/splunk_app_windows_infrastructure/local/authorize.conf.
  5. Install the new Splunk App for Windows Infrastructure in the etc/shcluster/apps/ directory on your search head deployer. If you have a single search head, install the Splunk App for Windows Infrastructure in etc/apps/.
  6. Remove windows_apps.csv from the app:
    • Remove windows_apps.csv lookup if available from etc/shcluster/apps/splunk_app_windows_infrastructure/lookups on the search head deployer. In the case of standalone search head, remove it from etc/apps/splunk_app_windows_infrastructure/lookups.
    • Remove the windows_apps_lookup and windows_apps definitions from etc/shcluster/apps/splunk_app_windows_infrastructure/local/transforms.conf if available on the search head deployer. In the case of standalone search head, remove the windows_apps_lookup definition from etc/apps/splunk_app_windows_infrastructure/local/transforms.conf if available on the search head.
      [windows_app_lookup] 
      filename = windows_apps.csv
      
      [windows_apps]
      filename=windows_apps.csv
      max_matches=1
      
  7. Push the updated bundle from the search head deployer to all your search heads.
  8. Once you have successfully pushed the app, run the guided setup again on any one of the search heads.
Last modified on 27 August, 2021
Install the Splunk App for Windows Infrastructure using self service installation on Splunk Cloud   Upgrade from version 1.0.x

This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 2.0.4


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters