Splunk® Add-on for Windows

Deploy and Use the Splunk Add-on for Windows

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of WindowsAddOn. Click here for the latest version.
Acrobat logo Download topic as PDF

Platform and hardware requirements

Hardware and operating system requirements

The Splunk Add-on for Windows installs onto any type of Splunk Enterprise instance. On Splunk Enterprise instances that run Splunk Web, it has a single configuration panel as an interface. On universal forwarders, you must configure the add-on with configuration files.

The add-on installs on Splunk Enterprise instances that run on many current versions of Windows, including:

  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows Server 2008/2008 R2
  • Windows Server 2012/2012 R2

The add-on does not support:

  • Windows 95/98/Me
  • Windows NT Workstation/Server 3.1/3.5/4.0
  • Windows 2000 Workstation/Server
  • For details about supported versions of Windows for Splunk, see System requirements in the Splunk Enterprise Installation Manual.
  • For details on how and where to deploy the Splunk Add-on for Windows, including installation on other operating systems, read "Other deployment considerations" in this manual.

Distributed installation of this add-on

This table provides a reference for installing the Splunk Add-on for Windows onto a distributed deployment of Splunk Enterprise.

Splunk instance type Supported Required Comments
Search Heads Yes No If you want Windows data from a host that acts as a search head, install the add-on there. The host must run a supported version of Windows.
Indexers Yes Yes The host must run a supported version of Windows. The add-on performs index-time extractions that necessitate installation on an indexer.
Heavy Forwarders Yes No The host must run a supported version of Windows.
Universal Forwarders Yes Yes You must install the add-on into a universal forwarder on a host to get data from that host. The host must run a supported version of Windows.
Light Forwarders Yes No The host must run a supported version of Windows.

Distributed deployment compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes
Indexer Clusters Yes To get data from an indexer cluster member, install the add-on into that member.
Deployment Server Yes You can deploy the add-on to indexers, forwarders, and search heads.

What versions of Splunk does the add-on support?

All instances of Splunk in a Splunk Add-on for Windows deployment must also run a version between 6.0 and 7.3.

Last modified on 18 July, 2019
How to get support and find more information about Splunk
What data the Splunk Add-on for Windows collects

This documentation applies to the following versions of Splunk® Add-on for Windows: 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters