Splunk for Windows Technology add-on VS. Splunk for Windows

treinke
Builder

What are the benefits of Splunk for Windows technology add-on over Splunk for Windows?

There are no answers without questions
1 Solution

araitz
Splunk Employee

Some customers asked us for Windows knowledge (eventtypes, fields, lookups, etc.) and input (WinEvtLog, WMI, etc.) packaged separately from the Splunk Web UI aspects. Often, this request was in order to facilitate use on forwarders or when the primary use case for Windows data is to correlate with other data sources in an app other than Splunk for Windows.

In terms of the knowledge layer, the Windows technology add-on does have a few benefits compared to the Splunk for Windows app. Besides more in-depth descriptions and the addition of event code lookups, a key thing to note is that the Windows technology add-on is Common Information Model compliant, which facilitates use with CIM-compliant solutions such as Splunk Enterprise Security Suite and Splunk for PCI Compliance.
