Splunk Add-on for Windows Installation Questions

adamblock1 · ‎04-02-2015

Is it possible to install the Splunk Add-on for Windows solely on a search head, or must it also be installed on indexers as well? If this is possible, must the search head be running on a Windows platform?

Thank you.

ChrisG · ‎04-02-2015

You should install it on indexers, search heads, and Windows hosts. The docs say install it everywhere. 🙂 See Download and configure the Splunk Add-on for Windows.

The system requirements in the documentation also say "You can install the app on a non-Windows Splunk Enterprise instance to display Windows data coming from external Windows sources."

adamblock1 · ‎04-02-2015

I am currently working with a test system, and currently only have access to the search head. If the add-on would be installed on the search head, and not on the indexer(s), does that mean that whatever parsing is performed will be performed at search time as opposed to when the events are indexed?

ChrisG · ‎04-02-2015

If you have the Windows add-on only on a search head, then you get:

Windows data if the search head is a Windows host and you enable data collection
Search-time parsing and field extraction

Splunk Add-on for Windows Installation Questions

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Are you a member of the Splunk Community?

Splunk Add-on for Windows Installation Questions

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025