|
|
Preparation Task: Download required Splunk Packages
|
View Steps
|
This initial preparation task is for downloading the Splunk Software and Technical Add-Ons (TA's) that will be leveraged in subsequent preparation steps.
This initial preparation task is for downloading the Splunk Technical Add-Ons (TA's) that will be leveraged in subsequent preparation steps.
|
|
|
Preparation Task: Prepare Splunk® Core Components
|
|
|
Installing the Splunk Windows TA on the single Splunk Core Instance
We will now cover the steps to install and verify that the Splunk Add-on for Microsoft Windows is installed on your Splunk® Enterprise Core system.
|
View Steps
|
|
|
Installing the Splunk Windows TA on the Distributed Splunk Core Instances
We will now cover the steps to install and verify that the Splunk Add-on for Microsoft Windows is installed on your Splunk® Enterprise Core Search Head(s) and Indexer(s).
|
View Steps
|
|
|
Installing the Splunk Windows TA in the Splunk Cloud™ environment
We will now cover the steps to install and verify that the Splunk Add-on for Microsoft Windows is installed in your Splunk Cloud™ environment.
|
View Steps
|
|
|
Enable Receiving Port on the Splunk Core System
We will now cover the steps to enable and configure the Receiving Port on your Splunk Core System using the Splunk Web console.
|
View Steps
|
|
|
Enable Receiving Port on the Splunk Indexer(s)
We will now cover the steps to enable and configure the Receiving Port on your Splunk Indexer(s) using the Splunk Web console.
|
View Steps
|
|
|
Create and configure the indexes on your Splunk Core system
Create and configure the indexes on your Splunk Indexer(s)
We will now cover the steps to create the indexes that will store the Windows data sent from your Windows machines.
|
View Steps
|
|
|
Create and configure the indexes in your Splunk Cloud™ environment
We will now cover the steps to create the indexes that will store the Windows data sent from your Windows machines.
|
View Steps
|
|
|
Adjust or verify Splunk Knowledge Objects
We will now cover the steps for adjusting the Splunk Knowledge Objects(Macro's) used by the MS Windows AD Object application for pointing to the indexes where the Windows data is stored.
|
View Steps
|
|
|
|
Preparation Task: Prepare the Splunk Deployment Server component
|
|
|
Install the Splunk Deployment Server
The Deployment Server (DS) is an instance of Splunk Enterprise that you install on a Windows or Linux machine and configure pushes Splunk apps to the Splunk Universal Forwarders on your target Windows Systems.
|
View Steps
|
|
|
Configure HTTPS for Splunk Web.
We will now cover the steps to enable and configure the HTTPS on your Splunk Deployment Servers Web console.
|
View Steps
|
|
|
Enable Receiver Port on Splunk Deployment Server
We will now cover the steps to enable and configure the Receiving Port on your Splunk Indexer(s) using the Splunk Web console.
|
View Steps
|
|
|
Install the Splunk Cloud Credentials App
We will now cover the steps to install the Splunk Cloud Credentials Application on the Splunk Deployment Server.
|
View Steps
|
|
|
Install the Splunk Add-On for Microsoft Windows App
We will now cover the steps to install the Splunk Add-On for Microsoft Windows App Application on the Splunk Deployment Server.
|
View Steps
|
|
|
Configure the licensing for the deployment server
|
View Steps
|
|
|
Pre-Defined TA Configuration: Copy App(s) to the Splunk Deployment Server
Complete the below 3 steps, leveraging the table above the steps as a visual map for each step.
|
View Steps
|
|
|
Pre-Defined TA Configuration: Create and configure Splunk Deployment Server Classes
Complete the below 3 steps, leveraging the table above the steps as a visual map for each step.
|
View Steps
|
|
|
|
Preparation Task: Prepare the Splunk Heavy Forwarder component
|
|
|
Install the Splunk Heavy Forwarder
The Splunk Heavy Forwarder is type of forwarder, which is a Splunk Enterprise instance that sends data to another Splunk Enterprise instance or Splunk Cloud environment.
|
View Steps
|
|
|
Enable Receiver Port on Splunk Heavy Forwarder
We will now cover the steps to enable and configure the Receiving Port on your Splunk Indexer(s) using the Splunk Web console.
|
View Steps
|
|
|
Install the Splunk Cloud Credentials App
We will now cover the steps to install the Splunk Cloud Credentials Application on the Splunk Heavy Forwarder.
|
View Steps
|
|
|
Install the Splunk Add-On for Microsoft Windows App
We will now cover the steps to install the Splunk Add-On for Microsoft Windows App Application on the Splunk Heavy Forwarder.
|
View Steps
|
|
|
|
Preparation Task: Prepare the TA Examples for Deploying to your Splunk Universal Forwarders
|
|
|
Pre-Defined TA Configuration: Copy App(s) to Network Share for manually deploying to the Splunk Universal Forwarders.
Complete the 5 configuration steps while leveraging the table above each step for guidance.
|
View Steps
|
|
|
|
Upgrade Preparation Tasks: Verify the required Knowledge Objects, review TA Differences and version updates.
|
|
|
Important Upgrade Configuration: Adjust or verify Splunk Knowledge Objects
Review the Autocheck Results and update the appropriate Macro's that are now being leveraged for pointing to specific indexes. This replaces the previous version's use of eventtypes.
|
View Steps
|
|
|
Compare Currently Deployed Inputs with Example Pre-Defined TAs
This step walks through the downloading of the MS Windows AD Object's Pre-Defined TA Examples to compare against currently deployed Windows inputs.
|
View Steps
|
|
|
Review Changes, configuration notes and more with the latest MS Windows AD Objects version.
This step walks through the changes in the latest MS Windows AD Object version, including important configuration notes and required implementation changes.
|
View Steps
|
|
|