Splunk® App for Windows Infrastructure (Legacy)

Deploy and Use the Splunk App for Windows Infrastructure

On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.
This documentation does not apply to the most recent version of Splunk® App for Windows Infrastructure (Legacy). For documentation on the most recent version, go to the latest release.

How to upgrade the Splunk App for Windows Infrastructure

The commands shown in this topic are PowerShell. If you use *nix, substitute the PowerShell directives with their *nix counterparts. If you use different directories for Splunk Enterprise and deployment server, substitute the directories shown with your specific directories.

The search head is the Splunk Enterprise instance that runs the Splunk App for Windows Infrastructure and shows all of the app data. Perform these upgrade instructions on any host that has been designated as a search head in your deployment.

  1. On a standalone search head, remove the existing default.xml file from the local folder on the search head (/etc/apps/splunk_app_windows_infrastructure/local/data/ui/nav).
  2. (Optional) Back up the local changes (the local folder) created on the search head and search head deployer.
  3. Remove the existing app and add-on from your search head (/etc/apps) or search head cluster (/etc/shcluster/apps) environment.
  4. Put the newly extracted app in the /etc/shcluster/apps/ directory on your search head deployer. If you have a single search head, put the newly extracted app in /etc/apps/.
  5. Copy the local folder into /etc/shcluster/apps/splunk_app_windows_infrastructure/ on the search head deployer (on a standalone search head, put the local folder in /etc/apps/splunk_app_windows_infrastructure/).
  6. Follow the steps below to remove windows_apps.csv from the app, then push the updated bundle from the search head deployer to all your search heads.
    • Remove the windows_apps lookup from /etc/shcluster/apps/splunk_app_windows_infrastructure/lookups on the search head deployer (on a standalone search head, remove it from /etc/apps/splunk_app_windows_infrastructure/lookups).
    • Remove the following windows_apps lookup definitions from /etc/shcluster/apps/splunk_app_windows_infrastructure/default/transforms.conf on the search head deployer (on a standalone search head, remove them from /etc/apps/splunk_app_windows_infrastructure/default/transforms.conf):
    [windows_app_lookup]
    filename = windows_apps.csv
    
    [windows_apps]
    filename=windows_apps.csv
    max_matches=1
    
  7. Once the apps are pushed successfully, run the guided setup again on any one of the search heads.
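
The lookup cleanup in step 6 can be scripted. The PowerShell below is an added example, not Splunk-provided code; the function name Remove-WindowsAppsLookup and the $AppDir parameter are assumptions. It backs up transforms.conf, removes the two stanzas listed in step 6 together with their settings, deletes the lookup file, and returns the stanza headers it removed.

```powershell
# Added example, not Splunk-provided code. Function and parameter names are assumptions.
# $AppDir is the extracted app directory, for example
#   <Splunk home>/etc/shcluster/apps/splunk_app_windows_infrastructure  (deployer)
#   <Splunk home>/etc/apps/splunk_app_windows_infrastructure            (standalone)
function Remove-WindowsAppsLookup {
    param([Parameter(Mandatory)][string]$AppDir)

    $transforms = Join-Path (Join-Path $AppDir 'default') 'transforms.conf'
    $lookupCsv  = Join-Path (Join-Path $AppDir 'lookups') 'windows_apps.csv'
    $targets    = @('[windows_app_lookup]', '[windows_apps]')

    if (-not (Test-Path -LiteralPath $transforms)) {
        throw "transforms.conf not found: $transforms"
    }
    # .NET file APIs need an absolute path; they read and write UTF-8 without a BOM.
    $path = (Resolve-Path -LiteralPath $transforms).ProviderPath
    Copy-Item -LiteralPath $path -Destination "$path.bak" -Force   # revert point

    $removed = @()
    $skip    = $false
    $kept    = foreach ($line in [System.IO.File]::ReadAllLines($path)) {
        $trimmed = $line.Trim()
        if ($trimmed.StartsWith('[') -and $trimmed.EndsWith(']')) {
            # A stanza header: drop it and its settings only if it is a target.
            $skip = $targets -contains $trimmed
            if ($skip) { $removed += $trimmed }
        }
        if (-not $skip) { $line }
    }
    [System.IO.File]::WriteAllLines($path, [string[]]@($kept))

    if (Test-Path -LiteralPath $lookupCsv) { Remove-Item -LiteralPath $lookupCsv }

    # Any surviving reference means another stanza still points at the lookup file.
    if (@($kept) -match 'windows_apps\.csv') {
        Write-Warning "transforms.conf still references windows_apps.csv"
    }
    return $removed
}
```

Run it against the app directory before pushing the bundle in step 6. The .bak copy sits next to transforms.conf, so move or delete it once the change is confirmed.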

Troubleshoot permissions issues after an upgrade

The Splunk App for Windows Infrastructure installs a new user role, winfra-admin. The Splunk user that uses the Splunk App for Windows Infrastructure must have this role; otherwise, the app will not function correctly.

If, during the first time process, the app does not find any data and you know that the data exists (such as in the case of an upgrade), add the winfra-admin role to the user that uses the app, as described in the troubleshooting page.

Last modified on 04 December, 2018

This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 1.4.4, 1.5.0

