All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Add-on for Windows Installation Questions

adamblock1
Explorer
‎04-02-2015 08:28 AM

Is it possible to install the Splunk Add-on for Windows solely on a search head, or must it also be installed on indexers as well? If this is possible, must the search head be running on a Windows platform?

Thank you.

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎04-02-2015 08:56 AM

You should install it on indexers, search heads, and Windows hosts. The docs say install it everywhere. 🙂 See Download and configure the Splunk Add-on for Windows.

The system requirements in the documentation also say "You can install the app on a non-Windows Splunk Enterprise instance to display Windows data coming from external Windows sources."

0 Karma
Reply

adamblock1
Explorer
‎04-02-2015 09:02 AM

I am currently working with a test system, and currently only have access to the search head. If the add-on would be installed on the search head, and not on the indexer(s), does that mean that whatever parsing is performed will be performed at search time as opposed to when the events are indexed?

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎04-02-2015 10:46 AM

If you have the Windows add-on only on a search head, then you get:

  • Windows data if the search head is a Windows host and you enable data collection
  • Search-time parsing and field extraction
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

    Thursday, June 25, 2026  |  11AM PDT / 2PM EDT  Duration: 1 Hour (Includes live Q&A) Register to ...

Analytics Workspace deprecation

As of Splunk Cloud Platform 10.4.2604 and Splunk Enterprise 10.4, Analytics Workspace is now deprecated. ...

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Splunk Developer Day brought the Splunk developer community together for a practical look at what it means to ...