All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for Windows Installation Questions

adamblock1
Explorer
‎04-02-2015 08:28 AM

Is it possible to install the Splunk Add-on for Windows solely on a search head, or must it also be installed on indexers as well? If this is possible, must the search head be running on a Windows platform?

Thank you.

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎04-02-2015 08:56 AM

You should install it on indexers, search heads, and Windows hosts. The docs say install it everywhere. 🙂 See Download and configure the Splunk Add-on for Windows.

The system requirements in the documentation also say "You can install the app on a non-Windows Splunk Enterprise instance to display Windows data coming from external Windows sources."

0 Karma
Reply

adamblock1
Explorer
‎04-02-2015 09:02 AM

I am currently working with a test system, and currently only have access to the search head. If the add-on would be installed on the search head, and not on the indexer(s), does that mean that whatever parsing is performed will be performed at search time as opposed to when the events are indexed?

0 Karma
Reply

ChrisG
Splunk Employee
Splunk Employee
‎04-02-2015 10:46 AM

If you have the Windows add-on only on a search head, then you get:

  • Windows data if the search head is a Windows host and you enable data collection
  • Search-time parsing and field extraction
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...