Splunk for Windows technology add-on

Thanks For Downloading!

Review the documentation below and follow any custom installation steps. If no install steps are listed, most Splunk Apps and Add-ons can be installed as follows:

Windows: Decompress the downloaded file using a tool like 7-Zip and place the resulting folder into %PROGRAMFILES%\Splunk\etc\apps. Then restart Splunk using the splunk restart command or the GUI.

Unix/Linux: Decompress the downloaded file using a tool like tar -xvf and place the resulting folder into $SPLUNK_HOME/etc/apps. Then restart Splunk using the splunk restart command or the GUI.

The Splunk for Windows technology add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.

The app includes a variety of inputs, including:

• Windows event logs (security, system, application)
• DHCP event log
• Windows update logs
• File change monitors for key Windows files
• Listening ports
• Installed applications
• Performance metrics (CPU, Free Disk Space, Physical Disk, Memory, Network)
• Scheduled Jobs
• Installed Services
• Windows uptime
• User Account and SID information
• Windows version information

Use this app to collect one or more of the data sources noted above for use with other Common Information Model compliant apps, including:

• Splunk App for Enterprise Security
• Splunk App for PCI Compliance v.2.0
• Splunk for FISMA Getting Support

The Splunk for Windows Technology Add-on is a Splunk supported add-on.

If you have Splunk Enterprise support, please contact .