All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk for AD - Disable pop up about Windows TA

msarro
Builder
‎12-18-2013 07:51 AM

Greetings. We are working to install the Splunk for AD app in our distributed deployment. However when we enter the app, we receive the following error in a dialog box:

"This instance of Splunk does not have the Splunk_TA_windows app installed."

This is correct; our search head is running linux, it shouldn't have the Splunk_TA_windows app installed. How can I disable this popup? Or is the TA required even on *nix systems? Because if it is, that contradicts the documentation for the deployment of the TA for the windows app.

Reply
1 Solution
Solved! Jump to solution
Solution

jbernt_splunk
Splunk Employee
Splunk Employee
‎12-18-2013 08:24 AM

Hello,

Yes, the Windows Addon (splunk_ta_windows) is required to be installed, even on *nix search heads, as it adds additional knowledge around searching for Windows-based system data. The Windows addon is also a requirement on the indexing tier, as per the instructions, as it adds additional knowledge at this layer as well.
Hope this helps,
Jeff.

View solution in original post

Reply
Solved! Jump to solution
Solution

jbernt_splunk
Splunk Employee
Splunk Employee
‎12-18-2013 08:24 AM

Hello,

Yes, the Windows Addon (splunk_ta_windows) is required to be installed, even on *nix search heads, as it adds additional knowledge around searching for Windows-based system data. The Windows addon is also a requirement on the indexing tier, as per the instructions, as it adds additional knowledge at this layer as well.
Hope this helps,
Jeff.

Reply
Solved! Jump to solution

msarro
Builder
‎12-18-2013 08:46 AM

I am aware that the apps are different; I just didn't realize that the AD app overrode the requirements of the Windows app. Thank you for the heads up, I'll give it a shot.

0 Karma
Reply
Solved! Jump to solution

jbernt_splunk
Splunk Employee
Splunk Employee
‎12-18-2013 08:35 AM

Ah, I see the confusion. The Windows Addon has to be on every search head at the very least (regardless of OS). Only on the Windows-based indexers does it need to be installed to send its own Windows log data into Splunk.

0 Karma
Reply
Solved! Jump to solution

jbernt_splunk
Splunk Employee
Splunk Employee
‎12-18-2013 08:32 AM

100%
Splunk App for Windows, is different than the AD app. The AD app requires the Windows Addon (as does the Splunk App for Windows). Both require the Windows addon.

0 Karma
Reply
Solved! Jump to solution

msarro
Builder
‎12-18-2013 08:29 AM

Are you sure? The documentation here: http://docs.splunk.com/Documentation/WindowsApp/latest/User/HowtodeploytheSplunkAppforWindows says the opposite. Hence the confusion.

0 Karma
Reply
Solved! Jump to solution

mikelanghorst
Motivator
‎12-18-2013 08:27 AM

just be sure to disable the inputs

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...