Splunk® Enterprise

Admin Manual


Splunk version 4.x reached its End of Life on October 1, 2013. Please see the migration information.
This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Introduction for Windows admins


This is the Getting started chapter for Windows Administrators. If you're looking for information on Splunk for Windows, you've come to the right place.

What's the purpose of this chapter?

Splunk is a powerful, effective tool for Windows administrators to resolve problems that occur on their Windows networks. Its out-of-the-box feature set positions it to be the secret weapon in the Windows administrator's toolbox. The ability to add apps that augment its functionality makes it even more extensible. And it has a growing, thriving community of users.

This page is written with this group of users in mind. It's intended to be a central resource that Windows administrators can refer to in order to get the most out of Splunk. It provides documentation and links on how to install, evaluate, deploy, maintain and troubleshoot Splunk on Windows. This makes it easier for Windows customers to consult specific reference material and procedures about how to implement and customize their Splunk on Windows experience.

How to use this chapter

This chapter has topics that will help you experiment with, learn, deploy, and get the most out of Splunk. The topics reference other material in the Splunk documentation that is of interest to Windows administrators.

Try Splunk out explains how to evaluate Splunk. In this chapter, you learn what Splunk is. You also learn how to install it and what system requirements need to be met before doing so. This topic is for anyone who does not have any experience with Splunk on Windows, and for beginners who want to evaluate the product.

Learn what Splunk does describes Splunk's capabilities. It provides links to several areas of the documentation that explain in detail how to index, search, report and alert on data coming into Splunk. In this topic, you learn how it works on the Windows platform, and what Windows components Splunk is capable of monitoring. This topic is for administrators who want to understand the inner workings of Splunk.

Integrate Splunk into your enterprise provides guidance on how to add Splunk to an existing Windows network, or incorporate it into a new one. It's meant for senior administrators or IT directors. Included in this topic are high-level planning scenarios for Splunk integration as well as various step-by-step procedures on how to incorporate Splunk into systems and networks.

Get the most out of Splunk caters to administrators or managers who have already integrated Splunk into their environments and need reference material or tips on keeping Splunk running. It provides tips on how to troubleshoot Windows-specific problems that occur during Splunk's operation.

Depending on your circumstances and experience level, you can read through one or more of these topics at your leisure. You can do this in sequence, or go directly to the topic that best suits your needs. Later, you can use this topic as a point of reference, if needed.

Those new to Splunk on Windows should read this chapter from beginning to end. If you already know how to use Splunk and just want technical or reference information, the later topics are more appropriate for your needs.

If you need help

If you are looking for in-depth Splunk knowledge, a number of education programs are available.

When you get stuck, Splunk has a large free support infrastructure that can help:

If you still don't have an answer to your question, you can get in touch with Splunk's support team. The Support Contact page tells you how to do that.

Note: Levels of support above the community level require an Enterprise license. To get one, you'll need to speak with the Sales team.

Thanks for reading!


This documentation applies to the following versions of Splunk® Enterprise: 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6, 5.0.7, 5.0.8, 5.0.9, 5.0.10, 5.0.11, 5.0.12, 5.0.13, 5.0.14, 5.0.15, 5.0.16, 5.0.17, 5.0.18
