Splunk and Windows: So many add-ons so little time!
So there are lots of Splunk apps and add-ons out there when it comes to Windows.
So which ones do you choose?
Well, I’ve gathered the best ones, all of them Splunk-supported, so you know you will get support and they will be kept up to date. These are the apps and add-ons that create the foundation you can build on if you need to. They do a really good job of covering all the usual checkboxes in a Windows environment.
The first piece is to download the correct Splunk Universal Forwarder for your version of Windows, which nowadays just means choosing 32 or 64 bit. Make sure it matches or exceeds the version of Splunk you have deployed.
Second, you need to download the main app from Splunk, the Splunk App for Windows Infrastructure. This app runs on the Search Head and is the one that aggregates, slices and dices the machine data from the add-ons so you can make sense of it all.
Third, you need the Splunk Add-on for Microsoft Windows. This add-on tells all the Splunk Universal Forwarders what to collect from the Windows OS.
Finally, for Active Directory and, of course, DNS, you need the Splunk Add-on for Microsoft Active Directory and the Splunk Add-on for Microsoft Windows DNS, as well as the Splunk Support for Active Directory add-on.
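As an added example (not from this post) of how the Windows add-on tells a forwarder what to collect: the add-on ships with its inputs disabled, and you enable the ones you want in a `local/inputs.conf` on each forwarder (or push it from a deployment server). The file path, index names and the single perfmon counter below are assumptions, not values from the post.

```ini
# Assumed location on each Windows host running the Universal Forwarder:
#   C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\local\inputs.conf
# Stanzas in local/ override the add-on's shipped defaults (which are disabled = 1).
# Index names are assumptions; create them on the indexers before enabling.

# Security log is the one your detections will lean on most, so collect it from the oldest event.
[WinEventLog://Security]
disabled = 0
index = wineventlog
start_from = oldest
current_only = 0
renderXml = true

[WinEventLog://System]
disabled = 0
index = wineventlog
renderXml = true

[WinEventLog://Application]
disabled = 0
index = wineventlog
renderXml = true

# One performance counter, sampled every 10 seconds, for the infrastructure dashboards.
[perfmon://CPU]
object = Processor
counters = % Processor Time
instances = _Total
interval = 10
disabled = 0
index = perfmon
```

Check the result on the forwarder with `splunk list inputstatus` (in the forwarder's `bin` directory) and confirm the events arrive on the Search Head with a search such as `index=wineventlog source="WinEventLog:Security"`.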
The good news about each of these is that Splunk created them to work together, and they ship with tons of sample dashboards and reports. The included items are very informative and a great place to start from and modify to fit your needs and the way you want to present the data gathered with Splunk.
I’ll go into more detail about each one and how they all fit together in a separate article.