Splunk® Add-on for Windows

Deploy and Use the Splunk Add-on for Windows

This documentation does not apply to the most recent version of Splunk® Add-on for Windows. For documentation on the most recent version, go to the latest release.

Deploy the Splunk Add-on for Windows in a distributed environment

If you want to install the Splunk Add-on for Windows in a distributed Splunk Enterprise environment, you must do so in a different way than you do when you install on a single host.

See the platform hardware requirements page for information on supported installation locations.

The following instructions are generic. You might need to make adjustments and configuration changes based on your network topology. A deployment server can help ease configuration of a large number of clients in a distributed environment.

Install the Splunk Add-on for Windows on an indexer

  1. Install full Splunk Enterprise onto each of the indexers, if you have not already.
  2. configure each indexer to receive data from forwarders.
  3. Complete the procedure in "Install the Splunk Add-on for Windows" to place the Splunk Add-on for Windows onto the indexer.
  4. If the indexer is a Windows host and you want to collect Windows data from it, configure the add-on on that host.
  5. Restart Splunk Enterprise on each host to complete the add-on installation.

Install the Splunk Add-on for Windows on a search head

  1. Identify the hosts that will act as search heads in your deployment.
  2. Install Splunk Enterprise onto each of these computers, if it has not already been installed.
  3. On each host, configure Splunk Enterprise to search across all of the indexers in the deployment that will store Windows data.
  4. Complete the procedure in Install the Splunk Add-on for Windows to place the Splunk Add-on for Windows components onto each search head.
  5. Restart Splunk Enterprise to complete the add-on installation.

Install the Splunk Add-on for Windows on a forwarder

  1. Identify the hosts from which you want to collect Windows data.
  2. Install a Splunk universal forwarder on these hosts.
  3. Configure the forwarder to send data to the indexers in the deployment.
  4. Complete the procedure in "Install the Splunk Add-on for Windows" to place the Splunk Add-on for Windows into each universal forwarder.
  5. Configure the add-on to collect the data that you want.
  6. Restart the universal forwarder to complete the add-on installation.

Use a deployment server and Forwarder Management to deploy the Splunk Add-on for Windows

Complete the procedure at "Deploy the Splunk Add-on for Windows with Forwarder Management."

Last modified on 23 February, 2018
Install the Splunk Add-on for Windows   Deploy the Splunk Add-on for Windows with Forwarder Management

This documentation applies to the following versions of Splunk® Add-on for Windows: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters