Description
The Splunk App for Windows provides examples of pre-built data inputs, searches, reports, alerts, and dashboards for Windows server and desktop management. You can monitor, manage, and troubleshoot Windows operating systems from one place. Included are scripted inputs for CPU, disk, I/O, memory, log, configuration, and user data, plus a web-based setup UI for indexing Windows Event Logs. The app makes getting started with Splunk a breeze.
Versions and Release Notes
Version 4.5.1 (current version - updated Mar 09, 2012)
release notes:
Fixed bug with Windows app lookups being unavailable to other Splunk applications.
Version 4.5
(updated Jan 18, 2012)
release notes:
Here's what's new in the latest version of the Splunk App for Windows:
* Documentation! http://docs.splunk.com/Documentation/WindowsApp This app now has official Splunk documentation that will be maintained with every release of the app.
* Improved app setup
* Improved knowledge layers
Bug fixes include:
* You are no longer sent to a "404 Not Found" page when you click on the set-up link that the app presents after it is initially installed.
* The system resources of the local Windows host are now properly monitored by default after installation.
* On the dashboard that displays indexed data, the "Total Count" now properly appears on the "Last 15 minutes" and "Last 24 hours" subpanels.
* Configuration defaults are now properly added for Registry monitoring inputs.
Version 4.2.1
(updated Jan 06, 2012)
release notes:
Contains a bug fix for migrating regmon filters from Splunk 4.2 to 4.3.
Version 4.2.0
(updated Mar 15, 2011)
release notes:
Updated to be compatible with Splunk 4.2, to work better with newer Windows operating systems (such as Windows 2008 R2) as well as other miscellaneous improvements.
Version 4.1.4
(updated Jul 20, 2010)
Version 4.1.3
(updated Jun 16, 2010)
Version 4.1.2
(updated May 21, 2010)
Version 4.1
(updated Apr 05, 2010)
Version 4.0.10
(updated Mar 18, 2010)
Version 4.0.9
(updated Feb 26, 2010)
Version 2.0
(updated Jul 20, 2009)
Version 2.0new
(updated Jul 20, 2009)
Version 2.0old
(updated Jul 20, 2009)
Nice fix to the Splunk App for Windows. You should make that pop-up go away after the first warning. Having it pop up every single time the app loads can get annoying.
From Mac OSX Lion Splunk version 4.3.1, I get the same error that all the other users are getting, "Unsupported Operating System". This is a major disappointment as I run many Windows virtual machines and was looking forward to using this to monitor them.
This issue is fixed in version 4.5.1. In the future, please use this section for reviews rather than problems.
This isn't so much a review as a request. Please, on the next update could this application have a dedicated index instead of using the default?
thank you
Please use this section for reviews rather than requests. Feel free to use the "Ask a Question" button on the right to ask a question such as above.
Up until this release I have had no issues running this app on a Linux Splunk install (here and at previous employers); I just needed a universal forwarder or light forwarder on a Windows box to forward the data. It worked just as well as having Splunk installed on a Windows box - with the exception of Windows updates - which I track through WSUS anyway. The main reason I have this running on a Linux box is that it works well and I don't have to burn a Windows license for the Splunk install.
Anyway, please remove the pop-up that comes up stating "unsupported operating system" and allow configuration of the app while it runs on a *nix box.
This issue is fixed in version 4.5.1. In the future, please use this section for reviews rather than problems.
cmeo-
I have been able to configure the Windows app to work properly under an alternate index. I have modified the following files:
- /opt/splunk/etc/apps/windows/default/inputs.conf: Under each stanza, add the following line: index=NEW_INDEX_NAME
- /opt/splunk/etc/apps/windows/default/wmi.conf: Change all index entries from index = default to index = NEW_INDEX_NAME
If you need assistance, I usually idle in #splunk on EFnet.
sideone
Better still:
- Create a "local" directory under /etc/apps/windows/
- Copy inputs.conf and wmi.conf to /etc/apps/windows/local/
- Delete everything under each stanza heading and replace with "index=NEW_INDEX_NAME"
That way your changes aren't overwritten when you next upgrade.
Is it possible to use this app when Splunk is set up on a *nix machine? It appears you have to pull Events/Perf Monitors via WMI but the WMI installation says "Note: This feature is only available on the Windows version of Splunk."
I have inclusive Splunk instance on *nix. I have Universal forwarder on my windows machines.
Thank you.
Is it possible to change this app to use a custom index? We have a multi-platform shop and I want windows events out of 'main'.
I've tried to change it myself but some things don't work properly and the index seems to be hard-wired here and there.
