Docs » Get started with the Splunk Distribution of the OpenTelemetry Collector » Install and deploy the Collector » Install the Collector for Windows with the installer script

Install the Collector for Windows with the installer script πŸ”—

The Splunk Distribution of OpenTelemetry Collector for Windows is a package that provides integrated collection and forwarding for all data types. Install the package using one of these methods:

Alternatively, you can install the Collector for Windows manually.

Prerequisites πŸ”—

The Splunk Distribution of OpenTelemetry Collector for Windows has the following requirements depending on the install method:

Install method

Supported versions (64-bit)

Installer script

Windows 2012, 2016, 2019, 2022

Windows installer (MSI)

Windows 2012, 2016, 2019, 2022


Windows 2012, 2016, 2019, 2022


Windows 2019, 2022


Windows 2012, 2016, 2019


Windows 2012, 2016, 2019


Windows 2019, 2022

Installer script πŸ”—

The installer script is available for Windows 64-bit environments, and deploys and configures the Splunk Distribution of OpenTelemetry Collector for Windows and Fluentd (using the td-agent).

To install the package using the installer script, follow these steps:

  1. Ensure that you have Administrator access on your host.

  2. Run the following PowerShell command on your host, replacing the following variables for your environment:

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('')); $params = @{access_token = "SPLUNK_ACCESS_TOKEN"; realm = "SPLUNK_REALM"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}


If needed, activate TLS in PowerShell using the following command:

[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

Configure memory allocation πŸ”—

To configure memory allocation, use the memory parameter. By default, this parameter is set to 512 MiB, or 500 x 2^20 bytes, of memory. Increase this setting to allocate more memory, as shown in the following example.

& {Set-ExecutionPolicy Bypass -Scope Process -Force; $script = ((New-Object System.Net.WebClient).DownloadString('')); $params = @{access_token = "SPLUNK_ACCESS_TOKEN"; realm = "SPLUNK_REALM"; memory = "SPLUNK_MEMORY_TOTAL_MIB"}; Invoke-Command -ScriptBlock ([scriptblock]::Create(". {$script} $(&{$args} @params)"))}

Replace SPLUNK_MEMORY_TOTAL_MIB with the desired integer value.

Configure proxy settings πŸ”—

If you need to use a proxy, set one of the following environment variables according to your needs:

  • HTTP_PROXY: Address of the proxy for HTTP request. Port is optional.

  • HTTPS_PROXY: Address of the proxy for HTTPS request. Port is optional.

  • NO_PROXY: If a proxy is defined, sets addressess that don’t use the proxy.

Restart the Collector after adding these environment variables to your configuration.


For more information on proxy settings, see Configure proxy settings.

Configure Fluentd for log collection πŸ”—

By default, the Fluentd service is installed and configured to forward log events with the @SPLUNK label and send these events to the HEC ingest endpoint determined by the --realm <SPLUNK_REALM> option. For example, https://ingest.<SPLUNK_REALM>

To configure the package to send log events to a custom HEC endpoint URL, you can specify the following parameters for the installer script:

  • hec-url = "<URL>"

  • hec-token = "<TOKEN>"

The main Fluentd configuration file is installed to <drive>\opt\td-agent\etc\td-agent\td-agent.conf, where <drive> is the driver where Fluentd is installed. Custom Fluentd source configuration files can be added to the <drive>\opt\td-agent\etc\td-agent\conf.d directory after installation.

Note the following:

  • In this directory, all files with the .conf extension are automatically included by Fluentd.

  • By default, Fluentd is configured to collect from the Windows Event Log. See <drive>\opt\td-agent\etc\td-agent\conf.d\eventlog.conf for the default configuration.

After any configuration modification, apply the changes by restarting the system or running the following PowerShell commands:

Stop-Service fluentdwinsvc
Start-Service fluentdwinsvc

Start the Collector executable manually πŸ”—

If you experience unexpected start failures, try to start the Collector executable manually.

To do so, run the following PowerShell command as an Admin:

& 'C:\Program Files\Splunk\OpenTelemetry Collector\otelcol.exe' --config 'C:\ProgramData\Splunk\OpenTelemetry Collector\agent_config.yaml'

Deployments πŸ”—

Splunk offers the configuration management options described in this section.

Ansible πŸ”—

Splunk provides an Ansible role that installs the package configured to collect data (metrics, traces, and logs) from Windows machines and send that data to Observability Cloud. See Ansible for Windows for the instructions to download and customize the role.

Chef πŸ”—

Splunk provides a cookbook to install the Collector using Chef. See Chef for the installation instructions.

Nomad πŸ”—

Use Nomad to deploy the Collector. See Nomad for the installation instructions.

Puppet πŸ”—

Splunk provides a Puppet module to install and configure the package. A module is a collection of resources, classes, files, definition, and templates. See Puppet for Windows for the instructions to download and customize the module.

Next steps πŸ”—

Once you have installed the package, you can perform these actions: