All Apps and Add-ons

Splunk Add-on for Microsoft Windows: Which components should I deploy the add-on to?

shubham87
Explorer

We have a distributed Splunk environment. We are using a universal forwarder to get logs from a Windows server. Deployment server is being used to deploy apps to different components. To which components should I deploy the Splunk Add-on for Microsoft Windows?

0 Karma

woodcock
Esteemed Legend

It depends but the general answer is "probably everywhere except for linux forwarders". See here:

https://docs.splunk.com/Documentation/WindowsAddOn/latest/User/DeploytheSplunkAdd-onforWindowsinadis...

0 Karma

adonio
Ultra Champion

hello there,

start here:
http://docs.splunk.com/Documentation/MSApp/1.4.1/MSInfra/WhataSplunkAppforWindowsInfrastructuredeplo...
and read thoroughly through the doc
it explains in detail where each component (TA / app / SA) should be
the TA for windows itself should be on all splunk components, Forwarder, indexer and Search Head.
also on the Deployment Server (in /etc/deployment-apps) if you use it to push to forwarders.
hope it helps

0 Karma
Get Updates on the Splunk Community!

Cloud Platform | Customer Change Announcement: Email Notification Will Be Available ...

The Notification Team is migrating our email service provider since currently there’s no support ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...