Install the Splunk Add-on for Windows
Where to install the add-on
The Splunk Add-on for Windows can be installed on a search head, an indexer, or a forwarder. It can be installed manually, with the CLI, or with Forwarder Management, depending on the type of Splunk instance you install it into.
When you install it onto a forwarder, you must configure it to collect Windows data and send it to an indexer.
When you install it onto an indexer or search head, you can configure it to collect Windows data from that indexer or search head. Otherwise, you do not need to configure the add-on.
How to install the add-on
To install the add-on into a universal forwarder, you can install it manually with Splunk Web or the CLI, or use Forwarder Management. You cannot install the add-on using the universal forwarder CLI. This is because the CLI cannot install apps because it does not have Python.
To install the add-on into many universal forwarders using the Forward Management interface included with Splunk Enterprise, see "Deploy the Splunk Add-on for Windows with Forwarder Management".
Install the add-on from the command line
On Splunk Enterprise indexers and search heads, you can install the add-on from the command line, using the CLI.
On Splunk universal forwarders, you cannot install the add-on with the CLI. See Install the add-on on a universal forwarder.
- Download the Splunk Add-on for Windows from Splunkbase.
- Run the
splunk installCLI command:> cd \opt\splunk\bin > .\splunk install app <path>\splunk-add-on-for-microsoft-windows.tar.gz App 'windows' is installed.
Note: You might be required to log into your Splunk Enterprise instance before it installs the app.
- (Optional) configure the add-on to enable Windows inputs. Note: You do not need to configure the input when you install it on a search head unless you want to collect Windows data from that search head.
Install the add-on with Splunk Web
You can install the add-on with Splunk Web, provided you do so on a full instance of Splunk Enterprise such as a search head or indexer. The most common use case for this method of installation is to provide support for another app that is on the same host.
Splunk Web is available for installations of the Splunk add-on for Windows on full instances of Splunk Enterprise only. It is not available for installations on universal or light forwarders.
- Download the Splunk Add-on for Windows from Splunkbase. The file downloads with a
.tar.gzextension. Do not attempt to run this file. - Log into Splunk Web on the Splunk Enterprise instance on which you want to install the app.
- After you log in, click the App menu from the upper right menu bar, and select Manage apps...
- On the next page, click the Install app from file button.
- On the Upload a file screen, click Browse...
- Locate the downloaded
splunk-add-on-for-microsoft-windows.tar.gzfile and click Open. - Click Upload. Splunk Enterprise opens the
splunk-add-on-for-microsoft-windows.tar.gzpackage and installs the application. - Click the Restart Splunk button or the link in the banner to restart Splunk.
- After Splunk restarts, click OK to return to the Splunk login page.
- (Optional) configure the add-on to enable Windows inputs.
Install the add-on on a universal forwarder
You cannot use Splunk Web or the CLI to install the add-on on a universal forwarder.
- Download the Splunk Add-on for Windows from Splunkbase.
- Unarchive the
splunk-add-on-for-microsoft-windows.tar.gzfile into%SPLUNK_HOME%\etc\appswith a file archive extraction utility. - (Optional) Configure the add on to enable Windows inputs.
| Other deployment considerations | Deploy the Splunk Add-on for Windows in a distributed environment |
This documentation applies to the following versions of Splunk® Add-on for Windows: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4
Download manual
Feedback submitted, thanks!