Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

Thank You

Downloading Splunk Add-on for Microsoft Windows
SHA256 checksum (splunk-add-on-for-microsoft-windows_484.tgz) c21c74f793c57ca4206a16855f3e82d92c05fec69097310f9dffc72c48e2eaf8 SHA256 checksum (splunk-add-on-for-microsoft-windows_483.tgz) 9d87a36e35573e40a14e4080ab895adcdd51e3ae26531ded9385c3f5444eb252 SHA256 checksum (splunk-add-on-for-microsoft-windows_482.tgz) c49df6f84283008ad1d75e7fe3551b2bd10debea39d1a1005fcc244b36ebe6dd SHA256 checksum (splunk-add-on-for-microsoft-windows_481.tgz) ec9ea5080638f64ebeadc28fe9a734a0cb6b21350e43bc4ba1241719d72a3a7e SHA256 checksum (splunk-add-on-for-microsoft-windows_480.tgz) 554b2c728509a16485fdc3ee37f9c458c86f68e617a73f28572deccf236a6d5b SHA256 checksum (splunk-add-on-for-microsoft-windows_475.tgz) 3c6c46aa28559446cc9e94d3bde803f6e76a48aac88f97db77b8d852a3ad91a8 SHA256 checksum (splunk-add-on-for-microsoft-windows_474.tgz) 9bd6295396cea744d6ff782e1427b58b73f1ac904d632a089bc18ff5a1856540 SHA256 checksum (splunk-add-on-for-microsoft-windows_473.tgz) 9d4f2707953c425c00739c21ffb3eb0136a6d7a04bee7dbc93586cb6a58a2ce4 SHA256 checksum (splunk-add-on-for-microsoft-windows_472.tgz) ccf6c571f75bb9b491a6890699d0496f60ba869fb394743454b33e3ce899b237 SHA256 checksum (splunk-add-on-for-microsoft-windows_471.tgz) fa880c91008dc4dc06f127f8b90bea765983b95c52ab1e7678a413880958e29d SHA256 checksum (splunk-add-on-for-microsoft-windows_470.tgz) d8a60997a1a5423c5adf5f1703b2f3666da3c78188f99fd09a39ae9adf231dc9 SHA256 checksum (splunk-add-on-for-microsoft-windows_467.tgz) 47abbe8380e12c9c4e1aef253cdc6ab2c76ab594263a502ffd21b51e5b7ceeba SHA256 checksum (splunk-add-on-for-microsoft-windows_466.tgz) 14393540beddc9515e7862893a624af34646bd1597699ea7f1082b1f605007d8 SHA256 checksum (splunk-add-on-for-microsoft-windows_465.tgz) ddaaa0b98e87766bec20a23ffc62587f7ebb27af26e4351f5cd6fff3da5a19da SHA256 checksum (splunk-add-on-for-microsoft-windows_464.tgz) 8d6d5c24abfd44ae83f2647beb1936509f4af5e70da3db6252e69b93f319802c SHA256 checksum (splunk-add-on-for-microsoft-windows_463.tgz) 6fce5d284b1cedb7135b68a2574b13f950908c12b515bd7b4bb4569795fd4e15
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Splunk Add-on for Microsoft Windows

Splunk Built
The Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.

To learn about the Splunk Add-on for Microsoft Windows, see the official documentation here on docs.splunk.com.

For information on what has been fixed as well as known issues, see the release notes.

Release Notes

Version 4.8.4
March 20, 2017

For information on what has been fixed as well as known issues, see the release notes -http://docs.splunk.com/Documentation/WindowsAddOn/latest/User/Releasenotes

Version 4.8.3
April 1, 2016

For information on what has been fixed as well as known issues, see the release notes -http://docs.splunk.com/Documentation/WindowsAddOn/latest/User/Releasenotes

Version 4.8.2
Feb. 29, 2016

For information on what has been fixed as well as known issues, see the release notes -http://docs.splunk.com/Documentation/WindowsAddOn/latest/User/Releasenotes

Version 4.8.1
Dec. 14, 2015

For information on what has been fixed as well as known issues, see the release notes -http://docs.splunk.com/Documentation/WindowsAddOn/latest/User/Releasenotes

Version 4.8.0
Sept. 18, 2015

For information on what has been fixed as well as known issues, see the release notes -http://docs.splunk.com/Documentation/WindowsAddOn/latest/User/Releasenotes

Version 4.7.5
March 31, 2015

The add-on has improved logic for extracting Windows Registry information. (TAG-9106)

Version 4.7.4
Feb. 12, 2015

Bug fixes.
The add-on has been updated to better handle interaction with host field values in generated event data. (TAG-8935)

Change log (what's been fixed)
A problem with the secrpt-new-users macro has been fixed. (TAG-8945)
A problem with a transform that prevented the "User Account Lockout" dashboard from display events correctly was fixed. (TAG-8915, TAG-8894)
A problem with a transform that prevented security log field extractions from working properly was fixed. (TAG-3433)

Version 4.7.3
Oct. 22, 2014

The add-on no longer invokes variable key-value field extractions unnecessarily. This should improve overall performance on apps which rely on the add-on. (MSAPP-3293)

Version 4.7.2
Sept. 25, 2014

- An issue where some panels displayed with mislabeled drop-downs was fixed. (MSAPP-3214)
- A problem with an incorrectly-configured blacklist filter in the Windows Security Event Log stanza has been fixed. (MSAPP-3151)
- The "All_Changes.Account Management" events now properly extract "account deleted" actions. (MSAPP-3055)
- The add-on no longer generates warnings about invalid values in stanzas on some versions of Splunk. (MSAPP-3053)
- Values defined within stanzas in some configuration files now have proper URI encodings. (MSAPP-3012)

Version 4.7.1
Aug. 18, 2014

- The Splunk Add-on for Windows no longer improperly appears in dashboards in the Splunk App for Enterprise Security. (MSAPP-1835)
- Several Security Event Log field extractions that were in the add-ons included with the Splunk App for Windows Infrastructure have been moved to the Splunk Add-on for Windows. (MSAPP-2748)
- The Splunk Add-on for Windows now properly detects Windows updates on Windows Server 2012. (MSAPP-2799)
- The WMI:UserAccountsSID source has been deprecated. The Splunk Add-on for Windows now uses the WMI:UserAccounts source. (MSAPP-2802)

Version 4.7.0
July 30, 2014

- An issue where the TA did not properly extract the "User" Common Information Model (CIM) field for failed logons was fixed. (MSAPP-2466)
- Added new lookup to convert Windows Event Log eventType numerical values into strings. (MSAPP-1442)
- Added some data model panels. (MSAPP-2773)
- Added some field extractions for the Security Windows Event Log channel. (MSAPP-2748)
- Updated a search that used WMI to retrieve a list of local users. The script returns only local users and runs faster. (MSAPP-2659)
- indexes.conf has been modified to include default indexes for Windows data. (MSAPP-2698, MSAPP-2755)
- Fixed some problems surrounding MS Event Log code 4776 (MSAPP-164)

Version 4.6.7
July 7, 2014

- Added TaskCategory "User Account Management" to the account_management event type. (MSAPP-2233)
- Made changes to support Change Analysis:Audit Changes data model object. (SOLNESS-4993)
- Made changes for Filesystem_Changes data model. (SOLNESS-4743)
- Enhanced Windows Server 2008 time synchronization detection. (MSAPP-1848)
- REGRESSION: Fixed an issue where action field was being destroyed by OUTPUT. (MSAPP-2793)
- Updated to accommodate new Endpoint Change data model. (SPL-50859):

Version 4.6.6
March 25, 2014

Version 4.6.5
Dec. 2, 2013

Fixed issue where using the Add-On with Splunk 6 caused "typo in stanza" warnings on startup

Version 4.6.4
Oct. 12, 2013

CIM compliance updates; Compatible with Splunk 6.

Version 4.6.3
July 23, 2013

The app has been updated to conform to application taxonomy requirements.


Subscribe Share

Splunk Certification Program

Splunk's App Certification program uses a specific set of criteria to evaluate the level of quality, usability and security your app offers to its users. In addition, we evaluate the documentation and support you offer to your app's users.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2018 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.