Install the Splunk Add-on for Microsoft Cloud Services¶
Follow these high-level steps to install the Splunk Add-on for Microsoft Cloud Services:
- Get the Splunk Add-on for Microsoft Cloud Services by downloading it from Splunkbase or browsing to it using the app browser within Splunk Web.
- Determine where and how to install this add-on in your deployment, using the tables on this page.
- Perform any prerequisite steps before installing, if required and specified in the following tables.
- Complete your installation.
If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the Installation walkthroughs section for links to installation instructions specific to a single-instance deployment, distributed deployment, or Splunk Cloud Platform.
Distributed deployment¶
Use the following tables to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you might need to install the add-on in multiple places.
Where to install this add-on¶
Unless otherwise noted, you can safely install all supported add-ons to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.
This table provides a reference for installing this specific add-on to a distributed deployment of the Splunk platform.
Splunk platform instance type |
Supported |
Required |
Actions required / Comments |
|---|---|---|---|
Splunk Cloud |
Yes |
No |
To install the Splunk Add-on for Microsoft Cloud Services on your Splunk Cloud instance, file an installation request with Splunk Support. |
Search Heads |
Yes |
Yes |
Install this add-on to all search heads where Microsoft Cloud Services knowledge management is required. As a best practice, turn off add-on visibility on your search heads to prevent data duplication errors that can result from running inputs on your search heads instead of or in addition to your data collection node. |
Indexers |
Yes |
Conditional |
Not required. Parsing operations occur on the heavy forwarders. If using a HEC token, indexer build installation is required on indexers. |
Heavy forwarders |
Yes |
No |
This add-on supports heavy forwarders and Inputs Data Manager (IDM) for data collection. |
Universal forwarders |
No |
No |
This add-on supports only heavy forwarders and Inputs Data Manager (IDM) for data collection because the modular inputs require Python and the Splunk REST handler. |
Inputs Data Manager (IDM) |
Yes |
No |
This add-on supports heavy forwarders and Inputs Data Manager (IDM) for data collection. IDM is required for Splunk Cloud. |
Distributed deployment feature compatibility¶
This table describes the compatibility of this add-on with Splunk distributed deployment features.
Distributed deployment feature |
Supported |
Actions required / Comments |
|---|---|---|
Search Head Clusters |
Yes |
Turn off add-on visibility on search heads. You can install this add-on on a search head cluster for all search-time functionality, but configure inputs on forwarders to avoid duplicate data collection. Before you install this add-on to a cluster, remove the inputs.conf file. |
Indexer Clusters |
Yes |
Before you install this add-on to a cluster, remove the inputs.conf file. |
Deployment Server |
No |
Supported for deploying unconfigured add-ons only. Using a deployment server to deploy configured add-ons to multiple forwarders acting as data collectors causes duplication of data. |
Installation walkthroughs¶
The Splunk Add-Ons manual includes an About installing Splunk add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.
For a walkthrough of the installation procedure, follow the link that matches your deployment scenario: