All Apps and Add-ons

Splunk for AD - Disable pop up about Windows TA

msarro
Builder

Greetings. We are working to install the Splunk for AD app in our distributed deployment. However when we enter the app, we receive the following error in a dialog box:

"This instance of Splunk does not have the Splunk_TA_windows app installed."

This is correct; our search head is running linux, it shouldn't have the Splunk_TA_windows app installed. How can I disable this popup? Or is the TA required even on *nix systems? Because if it is, that contradicts the documentation for the deployment of the TA for the windows app.

1 Solution

jbernt_splunk
Splunk Employee
Splunk Employee

Hello,

Yes, the Windows Addon (splunk_ta_windows) is required to be installed, even on *nix search heads, as it adds additional knowledge around searching for Windows-based system data. The Windows addon is also a requirement on the indexing tier, as per the instructions, as it adds additional knowledge at this layer as well.
Hope this helps,
Jeff.

View solution in original post

jbernt_splunk
Splunk Employee
Splunk Employee

Hello,

Yes, the Windows Addon (splunk_ta_windows) is required to be installed, even on *nix search heads, as it adds additional knowledge around searching for Windows-based system data. The Windows addon is also a requirement on the indexing tier, as per the instructions, as it adds additional knowledge at this layer as well.
Hope this helps,
Jeff.

msarro
Builder

I am aware that the apps are different; I just didn't realize that the AD app overrode the requirements of the Windows app. Thank you for the heads up, I'll give it a shot.

0 Karma

jbernt_splunk
Splunk Employee
Splunk Employee

Ah, I see the confusion. The Windows Addon has to be on every search head at the very least (regardless of OS). Only on the Windows-based indexers does it need to be installed to send its own Windows log data into Splunk.

0 Karma

jbernt_splunk
Splunk Employee
Splunk Employee

100%
Splunk App for Windows, is different than the AD app. The AD app requires the Windows Addon (as does the Splunk App for Windows). Both require the Windows addon.

0 Karma

msarro
Builder

Are you sure? The documentation here: http://docs.splunk.com/Documentation/WindowsApp/latest/User/HowtodeploytheSplunkAppforWindows says the opposite. Hence the confusion.

0 Karma

mikelanghorst
Motivator

just be sure to disable the inputs

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...