icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Cancel Visit New Splunkbase Visit
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us

staging environment

Accept License Agreements

Splunk General Terms

Splunk Websites Terms and Conditions of Use

Thank You

Downloading Splunk Add-on for Microsoft Windows
SHA256 checksum (splunk-add-on-for-microsoft-windows_870.tgz) 3d71db185249743ceb5a29142dc4c13b969c695274424f1b3da6224c2202f917 SHA256 checksum (splunk-add-on-for-microsoft-windows_475.tgz) 3c6c46aa28559446cc9e94d3bde803f6e76a48aac88f97db77b8d852a3ad91a8 SHA256 checksum (splunk-add-on-for-microsoft-windows_474.tgz) 9bd6295396cea744d6ff782e1427b58b73f1ac904d632a089bc18ff5a1856540 SHA256 checksum (splunk-add-on-for-microsoft-windows_473.tgz) 9d4f2707953c425c00739c21ffb3eb0136a6d7a04bee7dbc93586cb6a58a2ce4 SHA256 checksum (splunk-add-on-for-microsoft-windows_472.tgz) ccf6c571f75bb9b491a6890699d0496f60ba869fb394743454b33e3ce899b237 SHA256 checksum (splunk-add-on-for-microsoft-windows_471.tgz) fa880c91008dc4dc06f127f8b90bea765983b95c52ab1e7678a413880958e29d SHA256 checksum (splunk-add-on-for-microsoft-windows_470.tgz) ce5d83ec8beadc3e831c3e92bc26adfb18d7b0896be53cafc7844b14066849bf SHA256 checksum (splunk-add-on-for-microsoft-windows_467.tgz) 47abbe8380e12c9c4e1aef253cdc6ab2c76ab594263a502ffd21b51e5b7ceeba SHA256 checksum (splunk-add-on-for-microsoft-windows_466.tgz) 14393540beddc9515e7862893a624af34646bd1597699ea7f1082b1f605007d8 SHA256 checksum (splunk-add-on-for-microsoft-windows_465.tgz) ddaaa0b98e87766bec20a23ffc62587f7ebb27af26e4351f5cd6fff3da5a19da SHA256 checksum (splunk-add-on-for-microsoft-windows_464.tgz) 8d6d5c24abfd44ae83f2647beb1936509f4af5e70da3db6252e69b93f319802c SHA256 checksum (splunk-add-on-for-microsoft-windows_463.tgz) 6fce5d284b1cedb7135b68a2574b13f950908c12b515bd7b4bb4569795fd4e15 SHA256 checksum (splunk-add-on-for-microsoft-windows_462.tgz) 14399e502ba42e72f9fef28e7d7a8dbad87c038664fd61c8e7cc7b5431712e4a SHA256 checksum (splunk-add-on-for-microsoft-windows_461.tgz) 740f8d9444ed1b95eaef849340786528a3091421c0d3a05de160375fad05970d
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate
splunk

Splunk Add-on for Microsoft Windows

Splunk Cloud
Splunk Built
Overview
Details
The Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.

To learn about the Splunk Add-on for Microsoft Windows, see the official documentation here on docs.splunk.com.

For information on what has been fixed as well as known issues, see the release notes.

Release Notes

Version 8.7.0
June 2, 2023
Version 4.7.5
March 31, 2015

The add-on has improved logic for extracting Windows Registry information. (TAG-9106)
Version 4.7.4
Feb. 12, 2015

Bug fixes.
The add-on has been updated to better handle interaction with host field values in generated event data. (TAG-8935)

Change log (what's been fixed)
A problem with the secrpt-new-users macro has been fixed. (TAG-8945)
A problem with a transform that prevented the "User Account Lockout" dashboard from display events correctly was fixed. (TAG-8915, TAG-8894)
A problem with a transform that prevented security log field extractions from working properly was fixed. (TAG-3433)
Version 4.7.3
Oct. 22, 2014

The add-on no longer invokes variable key-value field extractions unnecessarily. This should improve overall performance on apps which rely on the add-on. (MSAPP-3293)
Version 4.7.2
Sept. 25, 2014
  • An issue where some panels displayed with mislabeled drop-downs was fixed. (MSAPP-3214)
  • A problem with an incorrectly-configured blacklist filter in the Windows Security Event Log stanza has been fixed. (MSAPP-3151)
  • The "All_Changes.Account Management" events now properly extract "account deleted" actions. (MSAPP-3055)
  • The add-on no longer generates warnings about invalid values in stanzas on some versions of Splunk. (MSAPP-3053)
  • Values defined within stanzas in some configuration files now have proper URI encodings. (MSAPP-3012)
Version 4.7.1
Aug. 18, 2014
  • The Splunk Add-on for Windows no longer improperly appears in dashboards in the Splunk App for Enterprise Security. (MSAPP-1835)
  • Several Security Event Log field extractions that were in the add-ons included with the Splunk App for Windows Infrastructure have been moved to the Splunk Add-on for Windows. (MSAPP-2748)
  • The Splunk Add-on for Windows now properly detects Windows updates on Windows Server 2012. (MSAPP-2799)
  • The WMI:UserAccountsSID source has been deprecated. The Splunk Add-on for Windows now uses the WMI:UserAccounts source. (MSAPP-2802)
Version 4.7.0
July 30, 2014
  • An issue where the TA did not properly extract the "User" Common Information Model (CIM) field for failed logons was fixed. (MSAPP-2466)
  • Added new lookup to convert Windows Event Log eventType numerical values into strings. (MSAPP-1442)
  • Added some data model panels. (MSAPP-2773)
  • Added some field extractions for the Security Windows Event Log channel. (MSAPP-2748)
  • Updated a search that used WMI to retrieve a list of local users. The script returns only local users and runs faster. (MSAPP-2659)
  • indexes.conf has been modified to include default indexes for Windows data. (MSAPP-2698, MSAPP-2755)
  • Fixed some problems surrounding MS Event Log code 4776 (MSAPP-164)
Version 4.6.7
July 7, 2014
  • Added TaskCategory "User Account Management" to the account_management event type. (MSAPP-2233)
  • Made changes to support Change Analysis:Audit Changes data model object. (SOLNESS-4993)
  • Made changes for Filesystem_Changes data model. (SOLNESS-4743)
  • Enhanced Windows Server 2008 time synchronization detection. (MSAPP-1848)
  • REGRESSION: Fixed an issue where action field was being destroyed by OUTPUT. (MSAPP-2793)
  • Updated to accommodate new Endpoint Change data model. (SPL-50859):
Version 4.6.6
March 25, 2014
Version 4.6.5
Dec. 2, 2013

Fixed issue where using the Add-On with Splunk 6 caused "typo in stanza" warnings on startup
Version 4.6.4
Oct. 12, 2013

CIM compliance updates; Compatible with Splunk 6.
Version 4.6.3
July 23, 2013

The app has been updated to conform to application taxonomy requirements.
Version 4.6.2
April 8, 2013

Compatible with Splunk App for Windows; Modified to conform with add-on guidelines.
Version 4.6.1
Nov. 1, 2012

The app is compatible with Splunk 5.0.
WMI performance counters are disabled by default.
372,128
Downloads
Share Subscribe LOGIN TO DOWNLOAD
Version
Built by
Splunk Inc.
Support
Splunk Supported Questions on Splunk Answers File a case Flag as inappropriate
Compatibility
This version of the app (4.7.5) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
This version of the app (4.7.4) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
This version of the app (4.7.3) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
This version of the app (4.7.2) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
This version of the app (4.7.1) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
This version of the app (4.7.0) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
This version of the app (4.6.7) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
This version of the app (4.6.6) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
This version of the app (4.6.5) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
This version of the app (4.6.4) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
This version of the app (4.6.3) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
This version of the app (4.6.2) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
This version of the app (4.6.1) is not available for Splunk Cloud. However, version 8.7.0 of this app is available for Splunk Cloud.
Products: Splunk Enterprise, Splunk IT Service Intelligence, Splunk Cloud Products: Splunk Enterprise, Splunk IT Service Intelligence Products: Splunk Enterprise, Splunk IT Service Intelligence Products: Splunk Enterprise, Splunk IT Service Intelligence Products: Splunk Enterprise, Splunk IT Service Intelligence Products: Splunk Enterprise, Splunk IT Service Intelligence Products: Splunk Enterprise, Splunk IT Service Intelligence Products: Splunk Enterprise, Splunk IT Service Intelligence Products: Splunk Enterprise, Splunk IT Service Intelligence Products: Splunk Enterprise, Splunk IT Service Intelligence Products: Splunk Enterprise, Splunk IT Service Intelligence Products: Splunk Enterprise, Splunk IT Service Intelligence Products: Splunk Enterprise, Splunk IT Service Intelligence Products: Splunk Enterprise, Splunk IT Service Intelligence
Splunk Versions: 8.2, 8.1, 8.0, 7.5, 7.4, 7.3, 7.2, 7.1, 7.0, 6.7, 6.6, 6.5, 6.4, 6.3, 6.2, 6.1, 6.0 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 6.3, 6.2, 6.1, 6.0 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 8.0, 6.2, 6.1, 6.0 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 6.2, 6.1, 6.0 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 6.2, 6.1, 6.0 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 6.1, 6.0 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 6.1, 6.0 Platform: Platform Independent CIM Versions: 4.x, 3.x Splunk Versions: 6.1, 6.0 Platform: Windows CIM Versions: 4.x, 3.x Splunk Versions: 6.0 Platform: Platform Independent Splunk Versions: 6.0, 5.0 Platform: Platform Independent Splunk Versions: 6.0, 5.0 Platform: Windows Splunk Versions: 5.0 Platform: Windows Splunk Versions: 5.0 Platform: Windows Splunk Versions: 5.0 Platform: Platform Independent
Licensing
Splunk General Terms
Category & Contents
Categories: Utilities, IT Operations
App Type: Add-on
Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Submit New Splunk App Dev Resources
PLATFORM
Data-to-Everything Platform
Splunk Cloud
Splunk Enterprise
Splunk Machine Learning Toolkit
Splunk Data Stream Processor
Pricing
Free Trials & Downloads
SECURITY PRODUCTS
Splunk Enterprise Security
Splunk Phantom
Splunk Mission Control
Splunk User Behavior Analytics
IT OPERATIONS & OBSERVABILITY PRODUCTS
Splunk Infrastructure Monitoring
Splunk IT Service Intelligence
Splunk Application Performance Monitoring
Splunk On-Call
SOLUTIONS BY INITIATIVE
Cloud Transformation
SOLUTIONS BY FUNCTION
Security
IT
Devops
SOLUTIONS BY INDUSTRY
Aerospace & Defense
Communications
Energy & Utilities
Financial Services
Healthcare
Higher Education
Manufacturing
Nonprofits
Online Services
Public Sector
Retail
WHY SPLUNK?
Why Splunk?
Customer Stories
Partners
Data-to-Everything
Diversity & Inclusion
SUPPORT
Support Portal
Support Programs
Splunk Answers
Contact Us
Product Security Updates
RESOURCES
Events
Webinars
Blogs
Customer Success
Expert Services
Data Insider
View All Resources
FOR DEVELOPERS
Documentation
Best Practices
Get Started with Splunk
Training & Certification
User Groups
Community
Splunkbase
Splunk dev
COMPANY
About Splunk
Careers
Leadership
Splunk for Good
Splunk Ventures
Splunk Protects
Newsroom
COVID-19 Response
SPLUNK SITES
.conf
Splunk Live!
T-Shirt Store
Investor Relations
Follow Us:
© 2005-2024 Splunk Inc. All rights reserved.
Sitemap | Privacy | Website Terms of Use | Splunk Licensing Terms | Export Control | Modern Slavery Statement | Splunk Patents | Report a Problem
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.