You can install this add-on on a search head cluster for all search-time functionality, but configure inputs on forwarders to avoid duplicate data collection. This table describes the compatibility of this add-on with Splunk distributed deployment features.ĭeactivate add-on visibility on search heads. This add-on is not supported by SSAI if an IDM is used.ĭistributed deployment feature compatibility This add-on is supported by Self Service App Install (SSAI). This add-on is supported by Splunk Inputs Data Manager (IDM). ![]() This add-on can use heavy forwarders to perform data collection through modular inputs and to perform the setup and authentication in Splunk Web. Not required if you use heavy forwarders to collect data. These errors can result from running inputs on your search heads instead of on your data collection node. As a best practice, turn visibility off on your search heads to prevent data duplication errors. Install this add-on to all search heads where you want to collect information. This table provides a reference for installing this specific add-on to a distributed deployment of the Splunk platform. See Where to install Splunk add-ons in Splunk Add-ons for more information. Unless otherwise noted, you can safely install all supported add-ons to all tiers of a distributed Splunk platform deployment. Depending on your environment, your preferences, and the requirements of the add-on, you might need to install the add-on in multiple places. Use the following tables to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the Installation walkthroughs section later on this page for links to installation instructions specific to a single-instance deployment, distributed deployment, or Splunk Cloud Platform. Perform any prerequisite steps before installing, if required and specified in the tables on this page.Determine where and how to install this add-on in your deployment, using the tables on this page.To install the Splunk Add-on for Splunk Attack Analyzer, follow these high-level steps: The next step is to configure the types of events you want to collect.įor more information, please see Configure Splunk Universal Forwarder.Install the Splunk Add-on for Splunk Attack Analyzer Click Install to complete the installation.Splunk receiving indexers receive events from multiple endpoints. Enter details about the Splunk Receiving Indexer here.Splunk deployment servers distribute configurations, applications, and content to groups of Splunk Enterprise instances. Enter details about the Splunk Deployment Server here.You must configure either a Deployment Server or a Receiving Indexer as a minimum to send events to Splunk Enterprise. In the next section you can choose to configure the Deployment Server and Receiving Indexer. If installing the Splunk Universal Forwarder on the Windows Event Collector node, check the Forwarded Events box to send all the forwarded events to Splunk Enterprise. ![]() Splunk only needs to see events from that machine, rather than remotely.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |