How this add-on fits into the Splunk picture
The Splunk Add-on for Windows is one of a variety of apps and add-ons available within the Splunk Enterprise ecosystem. All Splunk apps and add-ons run on top of a core Splunk Enterprise installation. You install Splunk Enterprise first, and then install the Splunk Add-on for Windows.
The following diagram depicts an example of the use of the Splunk Add-on for Windows:
This diagram shows a typical deployment for the Splunk App for Windows Infrastructure, which uses the Splunk Add-on for Windows heavily. In this diagram, we have highlighted the places where you install the Splunk Add-on for Windows in light blue.
In many cases, the add-on collects Windows information from Windows hosts. In some other cases, such as on the indexer, the add-on provides data models and field extractions for the Splunk App for Windows Infrastructure and other Splunk apps. In others, it combines with other add-ons such as the Splunk Supporting Add-on for Active Directory to provide additional knowledge objects.
Learn more about Splunk and Splunk apps
New to Splunk?
How to get support and find more information about Splunk
This documentation applies to the following versions of Splunk® Add-on for Windows: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4