Download and configure the Splunk Add-on for Windows
In this part of the setup process, you get Windows data into the Exchange App environment by installing the Splunk Add-on for Windows.
About the Splunk Add-on for Windows
The Splunk Add-on for Windows collects Windows data from Windows hosts. In the context of the Splunk App for Microsoft Exchange, the add-on collects Windows data and provides knowledge objects for the app. You should deploy the Splunk Add-on for Windows to the following components of a Splunk App for Microsoft Exchange environment:
- All hosts that run Exchange Server.
- All hosts that run Active Directory Domain Services (including domain controllers and DNS servers).
- All Windows hosts from which you want Windows data.
- All indexers.
- All search heads.
- Basically, everywhere.
Download the Splunk Add-on for Windows
You can download the Splunk Add-on for Windows from Splunkbase.
- In a web browser, proceed to the Splunk Add-on for Windows download page.
- Click the download link to begin the download process. You might need to sign in with your Splunk account before the download starts.
- When prompted, choose an accessible location on your deployment server to save the download. Do not attempt to run the download.
- Use an archive utility such as WinZip to unarchive the file to an accessible location.
Configure the Splunk Add-on for Windows
Before the add-on can collect Windows data, you must configure it.
- In the location where you unarchived the download file, locate the
- Inside this directory, make a subdirectory
- Copy the
inputs.conffile in the
defaultsubdirectory to the
- Open the
localsubdirectory with a text editor, such as Notepad.
- Enable the Windows inputs you want to get data for. Do this by changing the value of the
disabledattribute in each input stanza from 1 to 0.
Note: At a minimum, enable the following sets of inputs:
Input: Supported page(s):
POP3/IMAP4 access from Exchange Client Access Servers
[perfmon://FreeDiskSpace], [perfmon://Memory], [perfmon://LocalNetwork], [perfmon://CPUTime]
Performance Monitoring Network Monitoring inputs Network Monitoring Print Monitoring inputs Print Monitoring Host Monitoring inputs Host Monitoring
- Save the
inputs.conffile in the
You have downloaded and configured the Splunk Add-on for Windows. Next, you will deploy it to the deployment clients. After they receive the add-on, they use the configuration in the "send to indexer" app to send Windows data to the indexer.
Add the universal forwarder to the server class
Deploy the Splunk Add-on for Windows
This documentation applies to the following versions of Splunk® App for Microsoft Exchange: 3.4.1