Splunk App for Windows on *nix indexer/search heads

luo4
Engager

It says in "What a Splunk App for Windows deployment looks like" that "You can deploy the Splunk App for Windows on *nix search heads and use *nix indexers to index the data." In "How to deploy the Splunk App for Windows", we are told to install the Windows TA on our indexers. However, the "Windows TA documentation" says that it will not work properly installed on *nix systems. Sure enough, when I try to install the Windows TA on my Red Hat indexer, it does not appear as an app in Splunk Web. I am working with Windows App version 5.0.0 and Windows TA version 4.6.2.

I would like to have our Splunk for Windows App deployment use *nix for both the indexers and search heads; is this possible?

0 Karma
1 Solution

malmoore
Splunk Employee

Hi,

After further consultation with the engineers who develop the Windows TA, I need to amend my answer to your question. I apologize in advance for the inconvenience and confusion.

It turns out that you do indeed need to install the Splunk TA for Windows onto the *nix indexers in the central Splunk App for Windows instance. While the TA does not collect Windows data on *nix servers, it does perform index-time field extractions on the incoming Windows data from universal forwarders.

You won't see the Windows TA in your *nix indexer's Splunk Web app list because TAs by definition have no user interface.
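An added example (not part of the original answer and not Splunk's own tooling): one way to confirm on a *nix indexer that an add-on missing from Splunk Web is still installed and contributing index-time settings. It assumes the usual add-on layout of `default/` and `local/` conf files, the `is_visible` key under `[ui]` in `app.conf`, and that `TRANSFORMS-` entries in `props.conf` are the index-time ones; the sample files and every name in them are constructed.

```python
import tempfile
from pathlib import Path

def read_conf(path):
    """Parse a Splunk .conf file into {stanza: {key: value}}; continuations not handled."""
    conf, stanza = {}, "default"
    if path.is_file():
        for line in map(str.strip, path.read_text(encoding="utf-8").splitlines()):
            if line.startswith("[") and line.endswith("]"):
                stanza = line[1:-1]
            elif line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                conf.setdefault(stanza, {})[key.strip()] = value.strip()
    return conf

def merged(app_dir, name):
    """Layer local/ over default/, the precedence Splunk applies within one app."""
    out = read_conf(Path(app_dir, "default", name))
    for stanza, kv in read_conf(Path(app_dir, "local", name)).items():
        out.setdefault(stanza, {}).update(kv)
    return out

def inspect_addon(app_dir):
    """Return (is_visible, or None if unset; {stanza: sorted TRANSFORMS-* keys})."""
    flag = merged(app_dir, "app.conf").get("ui", {}).get("is_visible")
    visible = None if flag is None else flag.lower() in {"1", "true", "t", "yes", "y"}
    props = merged(app_dir, "props.conf")
    found = {s: sorted(k for k in kv if k.startswith("TRANSFORMS-")) for s, kv in props.items()}
    return visible, {s: keys for s, keys in found.items() if keys}

SAMPLE = {  # constructed stand-in for an add-on; not the real Windows TA contents
    "default/app.conf": "[ui]\nis_visible = false\n",
    "default/props.conf": "[source::WinEventLog:Example]\n"
                          "TRANSFORMS-example_route = example_transform\n"
                          "REPORT-example_fields = example_report\n",
    "local/props.conf": "[example:sourcetype]\nTRANSFORMS-local_mask = example_mask\n",
}

def build_sample(root):
    """Write SAMPLE under root and return root."""
    for rel, body in SAMPLE.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(inspect_addon(build_sample(tmp)))
```

On a real indexer, pass `inspect_addon` the add-on's own directory under `$SPLUNK_HOME/etc/apps` instead of the sample.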
