Install the Splunk Add-on for Windows
The Splunk Add-on for Windows 5.0.1 is not compatible with the Splunk App for Windows Infrastructure version 1.4.4 and the Splunk App for Microsoft Exchange version 3.4.4. Use the Splunk Add-on for Windows 4.8.4 if you want to use either of these apps.
- Get the Splunk Add-on for Windows by downloading it from https://splunkbase.splunk.com/app/742 or browsing to it using the app browser within Splunk Web.
- Determine where and how to install this add-on in your deployment, using the tables on this page.
- Perform any prerequisite steps before installing, if required and specified in the tables below.
- Complete your installation.
If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthroughs section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, Splunk Cloud, or Splunk Light.
Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.
Where to install this add-on
Unless otherwise noted, all supported add-ons can be safely installed to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.
This table provides a reference for installing this specific add-on to a distributed deployment of the Splunk platform.
|Splunk instance type||Supported||Required||Comments|
|Search Heads||Yes||Yes||If you want Windows data from a host that acts as a search head, install the add-on there. The host must run a supported version of Windows.|
|Indexers||Yes||Yes||The host must run a supported version of Windows. The add-on performs index-time extractions that necessitate installation on an indexer.|
|Heavy Forwarders||Yes||Conditional||This add-on supports forwarders of any type for data collection. The host must run a supported version of Windows.|
|Universal Forwarders||Yes||Yes||You must install the add-on into a universal forwarder on a host to get data from that host. The host must run a supported version of Windows.|
Distributed deployment feature compatibility
This table describes the compatibility of this add-on with Splunk distributed deployment features.
|Distributed deployment feature||Supported||Comments|
|Search Head Clusters||Yes|| You can install this add-on on a search head cluster for all search-time functionality, but configure inputs on forwarders to avoid duplicate data collection. |
Before installing this add-on to a cluster, make the following changes to the add-on package:
1. Remove the
2. Remove the
|Indexer Clusters||Yes||To get data from an indexer cluster member, install the add-on into that member.|
|Deployment Server||Yes||You can deploy the add-on to indexers, forwarders, and search heads.|
The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.
For a walkthrough of the installation procedure, follow the link that matches your deployment scenario:
Installation and configuration overview for the Splunk Add-on for Windows
Install the Splunk Add-on for Windows with Forwarder Management
This documentation applies to the following versions of Splunk® Add-on for Windows: 5.0.0, 5.0.1