Solved: Windows TA deployment indexer/forwarder

sonicZ · ‎03-29-2013

Basically i am trying this deployment

windows hosts: Installed the Windows TA app/configured inputs.conf with proper perfmon inputs etc.

Search head: Installed Windows app, should be able to see windows TA data, since TA app and windows app are not supported on the same instance of Splunk?

indexer: Nothing installed.

After reading the docs they say the windows TA app can be installed on indexers but does it need to be in order for the windows TA forwarded data to properly index?
http://docs.splunk.com/Documentation/WindowsApp/latest/User/InstalltheSplunkTechnologyAdd-onforWindo...

jcoates_splunk · ‎03-29-2013

Hi,

Yes, that needs to go on your indexers.

jcoates-mba:apps jcoates$ grep index Splunk_TA_windows/README.txt 
Has index-time operations: true, this technology add-on must be placed on indexers

View solution in original post

jcoates_splunk · ‎03-29-2013

Hi,

Yes, that needs to go on your indexers.

jcoates-mba:apps jcoates$ grep index Splunk_TA_windows/README.txt 
Has index-time operations: true, this technology add-on must be placed on indexers

crosset2 · ‎04-01-2013

Thanks Jcoates, I installed the app on all 8 of our production indexers in the $SPLUNK_HOME\etc\apps directory
bounced them last week, but still no windows related events from the host with the TA app.
I am submitting a case on this..

Windows TA deployment indexer/forwarder

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation