All Apps and Add-ons
Highlighted

Splunk Add-on for Microsoft Windows: Which components should I deploy the add-on to?

Explorer

We have a distributed Splunk environment. We are using a universal forwarder to get logs from a Windows server. Deployment server is being used to deploy apps to different components. To which components should I deploy the Splunk Add-on for Microsoft Windows?

0 Karma
Highlighted

Re: Splunk Add-on for Microsoft Windows: Which components should I deploy the add-on to?

SplunkTrust
SplunkTrust

hello there,

start here:
http://docs.splunk.com/Documentation/MSApp/1.4.1/MSInfra/WhataSplunkAppforWindowsInfrastructuredeplo...
and read thoroughly through the doc
it explains in detail where each component (TA / app / SA) should be
the TA for windows itself should be on all splunk components, Forwarder, indexer and Search Head.
also on the Deployment Server (in /etc/deployment-apps) if you use it to push to forwarders.
hope it helps

0 Karma
Highlighted

Re: Splunk Add-on for Microsoft Windows: Which components should I deploy the add-on to?

Esteemed Legend

It depends but the general answer is "probably everywhere except for linux forwarders". See here:

https://docs.splunk.com/Documentation/WindowsAddOn/latest/User/DeploytheSplunkAdd-onforWindowsinadis...

0 Karma