
Splunk Add-on for Microsoft Windows

Splunk Built
The Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.

To learn about the Splunk Add-on for Microsoft Windows, see the official documentation here on

For information on what has been fixed as well as known issues, see the release notes.

Release Notes

Version 4.8.4
March 20, 2017

For information on what has been fixed as well as known issues, see the release notes -

Version 4.8.3
April 1, 2016

For information on what has been fixed as well as known issues, see the release notes -

Version 4.8.2
Feb. 29, 2016

For information on what has been fixed as well as known issues, see the release notes -

Version 4.8.1
Dec. 14, 2015

For information on what has been fixed as well as known issues, see the release notes -

Version 4.8.0
Sept. 18, 2015

For information on what has been fixed as well as known issues, see the release notes -

Version 4.7.5
March 31, 2015

The add-on has improved logic for extracting Windows Registry information. (TAG-9106)

Version 4.7.4
Feb. 12, 2015

Bug fixes.
The add-on has been updated to better handle interaction with host field values in generated event data. (TAG-8935)

Change log (what's been fixed)
A problem with the secrpt-new-users macro has been fixed. (TAG-8945)
A problem with a transform that prevented the "User Account Lockout" dashboard from displaying events correctly was fixed. (TAG-8915, TAG-8894)
A problem with a transform that prevented security log field extractions from working properly was fixed. (TAG-3433)

Version 4.7.3
Oct. 22, 2014

The add-on no longer invokes variable key-value field extractions unnecessarily. This should improve overall performance on apps which rely on the add-on. (MSAPP-3293)

Version 4.7.2
Sept. 25, 2014

- An issue where some panels displayed with mislabeled drop-downs was fixed. (MSAPP-3214)
- A problem with an incorrectly-configured blacklist filter in the Windows Security Event Log stanza has been fixed. (MSAPP-3151)
- The "All_Changes.Account Management" events now properly extract "account deleted" actions. (MSAPP-3055)
- The add-on no longer generates warnings about invalid values in stanzas on some versions of Splunk. (MSAPP-3053)
- Values defined within stanzas in some configuration files now have proper URI encodings. (MSAPP-3012)

Version 4.7.1
Aug. 18, 2014

- The Splunk Add-on for Windows no longer improperly appears in dashboards in the Splunk App for Enterprise Security. (MSAPP-1835)
- Several Security Event Log field extractions that were in the add-ons included with the Splunk App for Windows Infrastructure have been moved to the Splunk Add-on for Windows. (MSAPP-2748)
- The Splunk Add-on for Windows now properly detects Windows updates on Windows Server 2012. (MSAPP-2799)
- The WMI:UserAccountsSID source has been deprecated. The Splunk Add-on for Windows now uses the WMI:UserAccounts source. (MSAPP-2802)

Version 4.7.0
July 30, 2014

- An issue where the TA did not properly extract the "User" Common Information Model (CIM) field for failed logons was fixed. (MSAPP-2466)
- Added new lookup to convert Windows Event Log eventType numerical values into strings. (MSAPP-1442)
- Added some data model panels. (MSAPP-2773)
- Added some field extractions for the Security Windows Event Log channel. (MSAPP-2748)
- Updated a search that used WMI to retrieve a list of local users. The script returns only local users and runs faster. (MSAPP-2659)
- indexes.conf has been modified to include default indexes for Windows data. (MSAPP-2698, MSAPP-2755)
- Fixed some problems surrounding MS Event Log code 4776. (MSAPP-164)

Version 4.6.7
July 7, 2014

- Added TaskCategory "User Account Management" to the account_management event type. (MSAPP-2233)
- Made changes to support Change Analysis:Audit Changes data model object. (SOLNESS-4993)
- Made changes for Filesystem_Changes data model. (SOLNESS-4743)
- Enhanced Windows Server 2008 time synchronization detection. (MSAPP-1848)
- REGRESSION: Fixed an issue where action field was being destroyed by OUTPUT. (MSAPP-2793)
- Updated to accommodate new Endpoint Change data model. (SPL-50859)

Version 4.6.6
March 25, 2014

Version 4.6.5
Dec. 2, 2013

Fixed an issue where using the add-on with Splunk 6 caused "typo in stanza" warnings on startup.

Version 4.6.4
Oct. 12, 2013

CIM compliance updates; Compatible with Splunk 6.

Version 4.6.3
July 23, 2013

The app has been updated to conform to application taxonomy requirements.

