Splunk® Add-on for Windows

Deploy and Use the Splunk Add-on for Windows

This documentation does not apply to the most recent version of WindowsAddOn.

Upgrade the Splunk Add-on for Windows in a distributed deployment

For optimized use of your Splunk license, upgrade the Splunk Add-on for Windows by installing it on your Splunk platform components in the following order:

  1. Search heads
  2. Search head clusters
  3. Nonclustered indexers, Windows heavy forwarders, and intermediate forwarders
  4. Clustered indexers
  5. Deployment servers

Upgrade the Splunk Add-on for Windows on a search head

Follow these steps to install your upgraded version of the Splunk Add-on for Windows on each search head:

  1. Download the upgraded version of the Splunk Add-on for Windows from Splunkbase.
  2. Expand your downloaded file.
  3. On each search head, copy the expanded folder into the $SPLUNK_HOME/etc/apps directory.
  4. Restart each search head.

Upgrade the Splunk Add-on for Windows on a search head cluster

To upgrade an add-on on a search head cluster, remove the previous version and push the upgraded version to the cluster:

  1. Remove the existing Splunk_TA_Windows folder from the $SPLUNK_HOME/etc/shcluster/apps directory.
  2. Push this change to the cluster using the splunk apply shcluster-bundle command.
  3. Download the upgraded version of the Splunk Add-on for Windows from Splunkbase.
  4. Expand your downloaded file.
  5. Copy the expanded folder into the $SPLUNK_HOME/etc/shcluster/apps directory.
  6. Push the upgraded version to the cluster using the splunk apply shcluster-bundle command.

Upgrade the Splunk Add-on for Windows on nonclustered indexers, Windows heavy forwarders, and intermediate forwarders

Complete the following steps to upgrade these components:

  1. Download the upgraded version of the Splunk Add-on for Windows from Splunkbase.
  2. Expand your downloaded file to a temporary location.
  3. Remove the following files:
    1. <app>/bin
    2. <app>/default/eventgen.conf
    3. <app>/default/inputs.conf
    4. <app>/default/wmi.conf
    5. <app>/default/indexes.conf
  4. Copy the expanded Splunk_TA_Windows folder to the $SPLUNK_HOME/etc/apps directory.

Upgrade the Splunk Add-on for Windows on an indexer cluster

Follow these steps to upgrade the Splunk Add-on for Windows on each of your indexer clusters:

  1. Download the upgraded version of the Splunk Add-on for Windows from Splunkbase.
  2. Expand your downloaded file.
  3. Review the use of index in all inputs associated with the Splunk Add-on for Windows and identify all indexes.
  4. Ensure each index has been defined in indexes.conf in the appropriate location under $SPLUNK_HOME/etc/master_apps.
  5. Copy the expanded Splunk_TA_Windows folder to the $SPLUNK_HOME/etc/master_apps directory on the cluster master.
  6. Apply the cluster bundle.
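
A check for steps 3 and 4 of the indexer cluster procedure, as an added example that is not part of the Splunk documentation: it lists every index named in an inputs.conf that no indexes.conf under master_apps defines. The function names, the org_indexes app and the sample tree are assumptions made for the example; only indexes defined under master_apps count as defined, so a built-in index such as main is reported too.

```shell
#!/bin/sh
# Added example: report indexes that inputs.conf refers to but that no
# indexes.conf under master_apps defines.

# Index names set with "index = <name>" in any inputs.conf under directory $1.
referenced_indexes() {
    find "$1" -type f -name inputs.conf -exec cat {} + | tr -d '\r' |
        sed -n 's/^[[:space:]]*index[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' |
        sort -u
}

# Stanza names ([name]) of every indexes.conf under directory $1.
# [default] and [volume:...] stanzas hold settings, they are not indexes.
defined_indexes() {
    find "$1" -type f -name indexes.conf -exec cat {} + | tr -d '\r' |
        sed -n 's/^\[\([^]]*\)][[:space:]]*$/\1/p' |
        sed -e '/^default$/d' -e '/^volume:/d' |
        sort -u
}

# undefined_indexes INPUTS_DIR MASTER_APPS_DIR: referenced but not defined.
undefined_indexes() {
    ref=$(mktemp) && def=$(mktemp) || return 1
    referenced_indexes "$1" >"$ref"
    defined_indexes "$2" >"$def"
    comm -23 "$ref" "$def"
    rm -f "$ref" "$def"
}

# Constructed sample tree (not taken from the add-on): two inputs use an
# index, only one of those indexes is defined under master_apps.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Splunk_TA_Windows/local" "$d/master_apps/org_indexes/local"
    printf '%s\n' '[WinEventLog://Security]' 'disabled = 0' 'index = wineventlog' \
        '[perfmon://CPU]' '# index = ignored' 'index = perfmon' \
        >"$d/Splunk_TA_Windows/local/inputs.conf"
    printf '%s\n' '[default]' '[wineventlog]' 'homePath = $SPLUNK_DB/wineventlog/db' \
        >"$d/master_apps/org_indexes/local/indexes.conf"
    echo "$d"
}

sample=$(make_sample)
undefined_indexes "$sample/Splunk_TA_Windows" "$sample/master_apps"   # prints: perfmon
rm -rf "$sample"
```

Point the first argument at the directory that holds the inputs you actually deploy to forwarders; an empty result means every referenced index has a stanza under master_apps.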

Upgrade the Splunk Add-on for Windows using a deployment server

You can use a deployment server to upgrade the Splunk Add-on for Windows in your distributed deployment:

  1. Download the upgraded version of the Splunk Add-on for Windows from Splunkbase.
  2. Expand your downloaded file.
  3. Copy the expanded Splunk_TA_Windows folder to the $SPLUNK_HOME/etc/deployment-apps directory.
  4. Restart the deployment server.

This documentation applies to the following versions of Splunk® Add-on for Windows: 5.0.1

