
Splunk App for Windows on *nix indexer/search heads

luo4
Engager

It says in "What a Splunk App for Windows deployment looks like" that "You can deploy the Splunk App for Windows on *nix search heads and use *nix indexers to index the data." In "How to deploy the Splunk App for Windows", we are told to install the Windows TA on our indexers. However, the "Windows TA documentation" says that it will not work properly installed on *nix systems. Sure enough, when I try to install the Windows TA on my Red Hat indexer, it does not appear as an app in Splunk Web. I am working with Windows App version 5.0.0 and Windows TA version 4.6.2.

I would like to have our Splunk for Windows App deployment use *nix for both the indexers and search heads; is this possible?


malmoore
Splunk Employee

Hi,

After further consultation with the engineers who develop the Windows TA, I need to amend my answer to your question. I apologize in advance for the inconvenience and confusion.

It turns out that you do indeed need to install the Splunk TA for Windows onto the *nix indexers in the central Splunk App for Windows instance. While the TA does not collect Windows data on *nix servers, it does perform index-time field extractions on the incoming Windows data from universal forwarders.

You won't see the Windows TA in your *nix indexer's Splunk Web app list because TAs by definition have no user interface.
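Because the add-on never shows up in Splunk Web, the place to confirm it is installed on a *nix indexer is the filesystem. The script below is an added example, not part of the original answer or Splunk's own tooling: it assumes the add-on's directory is named `Splunk_TA_windows` and that visibility is controlled by `is_visible` in the `[ui]` stanza of `app.conf`; the helper names and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm an add-on is present in an indexer's apps directory
# even though Splunk Web does not list it. Sample files are constructed.

# Print KEY's value from [STANZA] in a .conf file (last match wins); empty if absent.
conf_get() {  # conf_get FILE STANZA KEY
  [ -f "$1" ] || return 0
  awk -v stanza="$2" -v key="$3" '
    { line = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", line) }
    line == "" || line ~ /^#/ { next }
    line ~ /^\[.*\]$/ { in_s = (line == ("[" stanza "]")); next }
    in_s && index(line, "=") {
      k = substr(line, 1, index(line, "=") - 1); gsub(/[ \t]/, "", k)
      if (k == key) { val = substr(line, index(line, "=") + 1); gsub(/^[ \t]+/, "", val) }
    }
    END { print val }' "$1"
}

# Report install state, Splunk Web visibility, and which parsing configs the app ships.
ta_status() {  # ta_status APPS_DIR APP_NAME
  local app="$1/$2" visible conf found=""
  [ -d "$app" ] || { echo "missing"; return 1; }
  # Within one app, settings in local/ override default/.
  visible=$(conf_get "$app/local/app.conf" ui is_visible)
  [ -n "$visible" ] || visible=$(conf_get "$app/default/app.conf" ui is_visible)
  for conf in props.conf transforms.conf; do
    if [ -f "$app/default/$conf" ] || [ -f "$app/local/$conf" ]; then
      found="$found$conf,"
    fi
  done
  echo "installed is_visible=${visible:-unset} parse_conf=${found%,}"
}

# Constructed stand-in for an apps directory; not the real add-on's contents.
make_sample() {  # make_sample APPS_DIR
  mkdir -p "$1/Splunk_TA_windows/default"
  printf '[ui]\nis_visible = false\n' > "$1/Splunk_TA_windows/default/app.conf"
  printf '[constructed_sourcetype]\nTRANSFORMS-demo = constructed_transform\n' \
    > "$1/Splunk_TA_windows/default/props.conf"
}

demo=$(mktemp -d)
make_sample "$demo"
ta_status "$demo" Splunk_TA_windows
rm -rf "$demo"
```

On a real indexer, point `ta_status` at `$SPLUNK_HOME/etc/apps` instead of the constructed directory.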
