All Apps and Add-ons

Splunk App for Windows on *nix indexer/search heads

luo4
Engager

It says in "What a Splunk App for Windows deployment looks like" that "You can deploy the Splunk App for Windows on *nix search heads and use *nix indexers to index the data." In "How to deploy the Splunk App for Windows", we are told to install the Windows TA on our indexers. However, the "Windows TA documentation" says that it will not work properly installed on *nix systems. Sure enough, when I try to install the Windows TA on my Red Hat indexer, it does not appear as an app in Splunk Web. I am working with Windows App version 5.0.0 and Windows TA version 4.6.2.

I would like to have our Splunk for Windows App deployment use *nix for both the indexers and search heads; is this possible?

0 Karma
1 Solution

malmoore
Splunk Employee
Splunk Employee

Hi,

After further consultation with the engineers who develop the Windows TA, I need to amend my answer to your question. I apologize in advance for the inconvenience and confusion.

It turns out that you do indeed need to install the Splunk TA for Windows onto the *nix indexers in the central Splunk App for Windows instance. While the TA does not collect Windows data on *nix servers, it does perform index-time field extractions on the incoming Windows data from universal forwarders.

You won't see the Windows TA in your *nix indexer's Splunk Web app list because TAs by definition have no user interface.

View solution in original post

malmoore
Splunk Employee
Splunk Employee

Hi,

After further consultation with the engineers who develop the Windows TA, I need to amend my answer to your question. I apologize in advance for the inconvenience and confusion.

It turns out that you do indeed need to install the Splunk TA for Windows onto the *nix indexers in the central Splunk App for Windows instance. While the TA does not collect Windows data on *nix servers, it does perform index-time field extractions on the incoming Windows data from universal forwarders.

You won't see the Windows TA in your *nix indexer's Splunk Web app list because TAs by definition have no user interface.

Get Updates on the Splunk Community!

2024 Splunk Career Impact Survey | Earn a $20 gift card for participating!

Hear ye, hear ye! The time has come again for Splunk's annual Career Impact Survey!  We need your help by ...

Optimize Cloud Monitoring

  TECH TALKS Optimize Cloud Monitoring Tuesday, August 13, 2024  |  11:00AM–12:00PM PST   Register to ...

What's New in Splunk Cloud Platform 9.2.2403?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.2.2403! Analysts can ...