Splunk® App for Windows Infrastructure

A comprehensive view of your Windows-based IT Infrastructure

Real-time monitoring of the Windows infrastructure is needed to ensure it operates at the optimal level. However, monitoring individual layers of a Windows infrastructure, such as Active Directory, DNS, DHCP, etc., is an extremely cumbersome task. The Splunk App for Windows Infrastructure harnesses the power of the Splunk Enterprise Platform and combines Windows and Active Directory information into a single pane of glass to focus on operational analytics and deliver a comprehensive view of your Windows-based IT infrastructure.

Unlike traditional management tools which just deliver health statistics, Splunk reporting delivers crucial data such as compliance and auditing information in addition to health and performance statistics. The Splunk App for Windows Infrastructure comes with pre-built searches, reports and dashboards for Windows Server, Windows Client and Active Directory monitoring and gives you a comprehensive view of your Windows environment.

Active Directory Infrastructure

The Splunk App for Windows Infrastructure harnesses the power of the Splunk Enterprise Platform to deliver a fundamentally different approach for IT. Reduce the complexity and minimize the burden of monitoring by correlating information from multiple services, such as Windows operating systems and Active Directory. The Splunk platform and Splunk App for Windows Infrastructure give you context and insights across your interconnected IT infrastructure. This approach not only offers rapid root cause analysis and reduces support costs, but also lets you compare previously siloed sets of data and gives you new levels of visibility and Operational Intelligence.

With the Splunk App for Windows Infrastructure, you can gain deep visibility into the health and performance of your Active Directory and Windows environments.

  • Monitor the Active Directory Forest for potential security breaches and non-compliant usage patterns
  • Correlate Windows and Active Directory level events and audit changes to group policies, user, group and computer objects in real time
  • View detailed topology statistics on all objects of your Active Directory from the Forest to individual user and computer accounts
  • Monitor the operational health of Windows and Active Directory as a holistic service

Packaged Correlation - Easily identify the inter-relationships between performance, health, and security events using pre-built dashboards and reports of your entire environment.

Dashboard Builder - Quickly and easily create, save and share custom reports of related services and components by simply querying on contextual information, such as "logouts," "performance," "health," etc.

Events, Performance & System Monitoring - Contains information on all the Windows events, CPU, Memory, Physical Disk, LogicalDisk, Network Interface, Application crashes, Application installs and Windows Updates.

Topology Reports - Allows an Active Directory administrator to view the entire Forest from one single view rather than opening multiple consoles for information.

Domain & DNS Services Monitoring - Displays information on the health, configuration and performance of domains, sites, domain controllers, DNS servers and DNS zones that belong to the Active Directory Forest; delivers real-time statistics on how the individual components are operating and working together.

Anomalous Logons, User Logon Failures & User Utilization - Displays information on uncharacteristic usage patterns and failed attempts by users to log on to a specific domain, and displays the user and workstation load managed by the Active Directory Forest. From one console, administrators can then view the multiple ways a security breach may be attempted across the entire Forest.

Change Management - Displays changes made to objects in the Active Directory Forest. Helpdesk and admin staff can track changes made to computer accounts, domain accounts, organizational units and group policy objects to decrease support calls and pinpoint user issues.

Supported Windows Versions

Splunk App for Windows Infrastructure supports:

  • Windows XP, Vista, 7, and 8
  • Windows Server 2003/2003 R2, Server 2008/2008 R2, or Server 2012/2012 R2.

Splunk Requirements

  • All Splunk indexers, search heads and universal forwarders require Splunk version 6.0 or later.

Additional prerequisites

The Splunk Add-on for Windows

In order to collect data from the Windows servers in your environment, you need the Splunk Technology Add-on for Windows. The Splunk Add-on for Windows can be downloaded from Splunk Apps.

The Splunk Add-on for Active Directory suite

The installation package for the Splunk App for Windows Infrastructure includes this suite of add-ons for Active Directory. The Splunk Add-on for Active Directory suite - including the Supporting Add-on for Active Directory (SA-Ldapsearch) - must be installed on the central Splunk instance.

The Splunk Add-on for PowerShell

If you run Windows Server 2012 R2 and plan to gather Active Directory statistics, you need to also download and install the Splunk Add-on for PowerShell. It can be downloaded from Splunk Apps.