Download and configure the Splunk Add-on for Windows
In this part of the setup process, you get Windows data into the Exchange App environment by installing the Splunk Add-on for Windows.
About the Splunk Add-on for Windows
The Splunk Add-on for Windows collects Windows data from Windows hosts. In the context of the Splunk App for Microsoft Exchange, the add-on collects Windows data and provides knowledge objects for the app. You should deploy the Splunk Add-on for Windows to the following components of a Splunk App for Microsoft Exchange environment:
- All hosts that run Exchange Server.
- All hosts that run Active Directory Domain Services (including domain controllers and DNS servers).
- All Windows hosts from which you want Windows data.
- All indexers.
- All search heads.
- Basically, everywhere.
Download the Splunk Add-on for Windows
You can download the Splunk Add-on for Windows from Splunkbase.
- In a web browser, proceed to the Splunk Add-on for Windows download page.
- Click the download link to begin the download process. You might need to sign in with your Splunk account before the download starts.
- When prompted, choose an accessible location on your deployment server to save the download. Do not attempt to run the download.
- Use an archive utility such as WinZip to unarchive the file to an accessible location.
Configure the Splunk Add-on for Windows
Before the add-on can collect Windows data, you must configure it.
- In the location where you unarchived the download file, locate the
Splunk_TA_Windows
directory. - Inside this directory, make a subdirectory
local
. - Copy the
inputs.conf
file in thedefault
subdirectory to thelocal
directory. - Open the
inputs.conf
in thelocal
subdirectory with a text editor, such as Notepad. - Enable the Windows inputs you want to get data for. Do this by changing the value of the
disabled
attribute in each input stanza from 1 to 0.
Note: At a minimum, enable the following sets of inputs:
Input: Supported page(s): [WinEventLog://Application]
,[WinEventLog://Security]
,[WinEventLog://System]
POP3/IMAP4 access from Exchange Client Access Servers Event Monitoring
[perfmon://FreeDiskSpace], [perfmon://Memory], [perfmon://LocalNetwork], [perfmon://CPUTime]
Performance Monitoring Network Monitoring inputs Network Monitoring Print Monitoring inputs Print Monitoring Host Monitoring inputs Host Monitoring - Save the
inputs.conf
file in thelocal
subdirectory.
Next Step
You have downloaded and configured the Splunk Add-on for Windows. Next, you will deploy it to the deployment clients. After they receive the add-on, they use the configuration in the "send to indexer" app to send Windows data to the indexer.
Add the universal forwarder to the server class | Deploy the Splunk Add-on for Windows |
This documentation applies to the following versions of Splunk® App for Microsoft Exchange (EOL): 3.4.1
Feedback submitted, thanks!