Splunk® App for Windows Infrastructure (Legacy)

Deploy and Use the Splunk App for Windows Infrastructure

On October 20, 2021, the Splunk App for Windows Infrastructure will reach its end of life. After this date, Splunk will no longer maintain or develop this product. The functionality in this app is migrating to a content pack in Data Integrations. Learn about the Content Pack for Windows Dashboards and Reports.

What data the Splunk App for Windows Infrastructure collects

The Splunk App for Windows Infrastructure's associated add-ons collect data from your Windows servers. They then send the data to an index, which the app uses in its dashboards, charts, and reports. This topic discusses the specifics of the data that the app collects and displays.

The Splunk App for Windows Infrastructure collects the following data using file inputs:

  • Performance monitoring data.
  • Active Directory logs (via the Splunk Add-on for Windows and the Splunk Add-on for Active Directory suite).
  • Windows network, host, and printer monitoring information (via the Splunk Add-on for Windows).
  • Windows Event logs (via the Splunk Add-on for Windows):
    • Security Logs
    • Application logs

If you're using TA-Windows version 6.0.0 or later, you don't need TA_AD and TA_DNS. TA_AD and TA_DNS are merged with TA-Windows version 6.0.0.

Indexes that the Splunk App for Windows Infrastructure uses

The Splunk App for Windows Infrastructure stores the data it collects in several indexes:

  • Windows host, networking, and printer data get indexed into the windows index.
  • The Windows event logs get indexed into the wineventlog index.
  • The performance monitor logs get indexed into the perfmon index.
  • The Active Directory data gets indexed into the msad index.
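
The following added example (not code from Splunk or from the add-ons) audits an inputs.conf for enabled Windows inputs whose effective index differs from the indexes listed above, for instance Security events falling through to a default index where wineventlog searches and alerts never see them. The mapping from input type to index, the sample configuration, and the function names are assumptions made for illustration.

```python
# Assumed mapping from Splunk Windows input types to the indexes listed above.
EXPECTED_INDEX = {
    "wineventlog": "wineventlog", "perfmon": "perfmon", "admon": "msad",
    "winhostmon": "windows", "winnetmon": "windows", "winprintmon": "windows",
}

# Constructed sample inputs.conf, not copied from any add-on.
SAMPLE_INPUTS_CONF = """\
[default]
index = main
[WinEventLog://Security]
index = wineventlog
[WinEventLog://Application]
disabled = 0
[WinHostMon://Computer]
index = perfmon
[admon://default]
disabled = 1
"""

def parse_stanzas(text):
    """Return {stanza_name: {key: value}} for inputs.conf-style text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def audit_indexes(text):
    """List (stanza, effective_index, expected_index) for misrouted inputs."""
    stanzas = parse_stanzas(text)
    # A stanza without its own index inherits [default]; with neither, "main".
    fallback = stanzas.get("default", {}).get("index", "main")
    findings = []
    for name, settings in stanzas.items():
        expected = EXPECTED_INDEX.get(name.split("://", 1)[0].lower())
        # Ignore unrelated stanzas and inputs that are switched off.
        if expected is None or settings.get("disabled", "0") in ("1", "true"):
            continue
        effective = settings.get("index", fallback)
        if effective != expected:
            findings.append((name, effective, expected))
    return findings
```
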
Last modified on 06 February, 2020

This documentation applies to the following versions of Splunk® App for Windows Infrastructure (Legacy): 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4

