Re: Splunk Add-on for Windows Installation Questio...

adamblock1 · ‎04-02-2015

Is it possible to install the Splunk Add-on for Windows solely on a search head, or must it also be installed on indexers as well? If this is possible, must the search head be running on a Windows platform?

Thank you.

ChrisG · ‎04-02-2015

You should install it on indexers, search heads, and Windows hosts. The docs say install it everywhere. 🙂 See Download and configure the Splunk Add-on for Windows.

The system requirements in the documentation also say "You can install the app on a non-Windows Splunk Enterprise instance to display Windows data coming from external Windows sources."

adamblock1 · ‎04-02-2015

I am currently working with a test system, and currently only have access to the search head. If the add-on would be installed on the search head, and not on the indexer(s), does that mean that whatever parsing is performed will be performed at search time as opposed to when the events are indexed?

ChrisG · ‎04-02-2015

If you have the Windows add-on only on a search head, then you get:

Windows data if the search head is a Windows host and you enable data collection
Search-time parsing and field extraction

Splunk Add-on for Windows Installation Questions

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio