What are the Splunk apps and add-ons for Microsoft technologies, and what do I use them for?

sloshburch
Splunk Employee

Out of the box, Splunk is able to collect a lot of Windows data. But I also see many items on Splunkbase for Windows and related Microsoft technologies. Is there a complete list of apps and when to use each?

1 Solution

sloshburch
Splunk Employee

The Splunk Product Best Practices team provided this response. Read more about How Crowdsourcing is Shaping the Future of Splunk Best Practices.

Some technologies have filters on Splunkbase. Since there isn't one for Microsoft technologies, I've made a list of Microsoft-related apps and add-ons starting with the ones created and supported by Splunk, Inc.

I've grouped the Splunk-created apps into two lists:

  • Add-ons for data collection and enrichment - Add-ons that collect and enrich Microsoft-related data. You can use these add-ons with their companion apps, other Splunk solutions, or with your own ad hoc searches.

  • Apps for data insights - Apps that focus on specific insights from Microsoft-related data. These apps are powered by one or more of the add-ons in the data collection and enrichment list.

If you are interested in the technology that a given app or add-on targets, go beyond this post and explore the related documentation.

If you aren't yet familiar with apps or add-ons, head over to the Spexicon to get a quick education on Apps and Add-ons.

Add-ons for data collection and enrichment

These add-ons include modular inputs for collecting data from Microsoft platforms, and knowledge objects that make use of data from Microsoft platforms.

Again, you can use these add-ons with their companion apps, with a Splunk solution, or with your own apps.

  • Splunk Universal Forwarder - Surprise! Out of the box, Monitoring Windows data with Splunk Enterprise is actually quite robust.

  • Splunk Add-on for Microsoft Windows - While this add-on includes some useful scripted inputs and rich prebuilt panels, its greatest value comes from the knowledge objects that make the Windows data accessible, usable, and valuable to anyone.

  • Splunk Add-on for Microsoft Exchange - This add-on collects mailbox, client access, and hub transport data from your Microsoft Exchange Server hosts. It also enriches the data with knowledge objects for the Splunk App for Microsoft Exchange.

  • Splunk Add-on for Microsoft IIS - This add-on provides knowledge objects for the web site activity data in the W3C log file format from Microsoft IIS servers.

  • Splunk Add-on for Microsoft Hyper-V - This add-on collects data and provides knowledge objects for inventory, performance, and alert information from Microsoft Hyper-V environments for Splunk Enterprise Security, the Splunk App for PCI Compliance, and Splunk IT Service Intelligence.

  • Splunk Add-on for Microsoft SQL Server - This add-on collects data and provides knowledge objects for system performance, SQL server performance, log, audit, and status data from Microsoft SQL Server deployments for Splunk Enterprise Security, the Splunk App for PCI Compliance, and Splunk IT Service Intelligence.

  • Splunk Add-on for Microsoft Office 365 - This add-on collects service status, service messages, and management activity logs from the Office 365 Management API.

  • Splunk Add-on for Microsoft Cloud Services - This add-on collects activity logs, service status, operational messages, Azure audit, Azure resource data and Azure Storage Table and Blob data from a variety of Microsoft cloud services.

  • Splunk Add-on for Microsoft System Center Operations Manager - This add-on collects data and provides knowledge objects from Microsoft System Center Operations Manager to use with other Splunk apps, such as Splunk Enterprise Security, the Splunk App for PCI Compliance, and Splunk IT Service Intelligence.

  • Splunk Add-on for Infrastructure - This add-on provides knowledge objects necessary to translate Windows performance monitoring event data to metrics.

Apps for data insights

These apps provide specific insights into Microsoft-related data. They leverage many of the add-ons listed above to collect and enrich Microsoft-related data. Refer to their documentation for specific add-on dependencies.

  • Splunk App for Windows Infrastructure - This app monitors, manages, and troubleshoots Windows operating systems, including Active Directory elements, all from one place.

  • Splunk App for Microsoft Exchange - This app provides insight into the entire Microsoft Exchange messaging infrastructure, including critical dependencies, such as the operating system, supporting applications, devices, and services.

  • Splunk Supporting Add-on for Active Directory - This app adds a new search command to extract information from an Active Directory database. It increases potential insights for the other apps in this category.

  • Splunk App for Infrastructure - By unifying and correlating logs and metrics, this app provides a seamless experience for infrastructure monitoring and troubleshooting regardless of the operating system.

  • Splunk IT Service Intelligence - This app is a monitoring and analytics solution powered by artificial intelligence for IT Operations (AIOps) that provides visibility into health and key performance indicators of critical IT and business services and their infrastructure, regardless of operating system.

  • Splunk Enterprise Security - The nerve center of the security ecosystem, Splunk Enterprise Security gives teams the insight to quickly detect and respond to internal and external attacks, and to simplify threat management, minimizing risk.

  • Splunk App for PCI Compliance - Helps organizations meet PCI DSS 3.2 requirements.

Deprecated

There are some apps that still exist on Splunkbase, but are outdated in one way or another. Here's a list of them and why.

sloshburch
Splunk Employee

I've updated this post to reflect that the add-ons for DNS and AD are no longer needed thanks to the 6.0.0 release of the Splunk Add-on for Microsoft Windows.

mglauser_splunk
Splunk Employee

While the add-ons for DNS and AD are no longer needed thanks to the 6.0.0 release of the Splunk Add-on for Microsoft Windows, the Splunk Add-on for Microsoft Active Directory and the Splunk Add-on for Microsoft Windows DNS are still available in order to allow Splunk Cloud customers to upgrade their respective deployments. Both add-ons will reach end of availability once those upgrades to version 6.0.0 of the Splunk Add-on for Microsoft Windows have taken place.