
Splunk App for Windows on Linux indexer

snickered
Path Finder

I just installed Splunk App for Windows on a Linux indexer. Upon reboot I was presented with

"Splunk has detected that the server operating system is not Windows.  The Splunk for Windows App can be installed on any operating system, but the app inputs can only be configured on Windows operating systems."

I want to be sure I understand this correctly. I'm assuming this just means I can't monitor Windows-specific things, like monitoring the registry, on the local box (the Linux indexer) - obvious.

I want to be sure I can install the Universal Forwarder followed by the Splunk TA for Windows on my Windows boxes, as described here: http://docs.splunk.com/Documentation/WindowsApp/4.5.2/User/Otherdeploymentconsiderations#Configure_t.... After pointing the Windows boxes to my Linux indexer, I would then edit the TA configuration files to enable the Windows data inputs. Will I get the same dashboards/inputs/etc. on my Linux indexer as I would if my central indexer was Windows? Thanks!

dshpritz
SplunkTrust

This may have been related to a known issue in the Splunk App for Windows app. Checking the Release notes shows:

"The app no longer displays "Unsupported configuration" or other erroneous modal dialogs when you install the full Windows app on a Splunk instance that has the TA installed, or when you install the app on a non-Windows Splunk instance. (SPL-47170)"

Splunk App for Windows Release Notes

Thanks,

Dave

0 Karma

ITBlogger
Explorer

From my experience, it means that you can't use a Linux Indexer to modify configuration of Windows agents to control what data they will grab from their respective hosts and forward to the indexer.

As far as I know, in the scenario of Linux Indexer with Windows Universal Forwarders, the Splunk TA for Windows app needs to be installed on any of the Windows Universal Forwarders to really have any meaningful control over performance monitoring data. I don't think it's necessary to install the Splunk TA for Windows app to pull in event log data to the Indexer.

0 Karma
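
The forwarder-side setup discussed in this thread, as an added example that is not part of the original posts or of Splunk's shipped files. The indexer hostname, the port, the output group name and the particular inputs chosen are assumptions for illustration.

```ini
# --- outputs.conf on each Windows Universal Forwarder ---
# Sends everything the forwarder collects to the Linux indexer.
# indexer.example.com and port 9997 are constructed placeholders;
# use the receiving port that is enabled on your indexer.
[tcpout]
defaultGroup = linux_indexer

[tcpout:linux_indexer]
server = indexer.example.com:9997

# --- inputs.conf in a local directory on each Windows forwarder ---
# Windows inputs run only on the host where the data lives, so they are
# enabled here and not on the Linux indexer.
[WinEventLog://Security]
disabled = 0

[WinEventLog://System]
disabled = 0

# Performance counter input (the kind of data the second reply refers to).
[perfmon://CPU]
object = Processor
counters = % Processor Time
instances = _Total
interval = 60
disabled = 0
```

On the Linux indexer none of these input stanzas are enabled; it only receives what the forwarders send.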