All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Can I install Qualys Technology Add-on (TA) for Splunk on Indexer ??

kleber_silva
Engager
‎01-23-2018 05:44 AM

Hi Team

I have a Qualys Cloud Plataform and I need install app on Splunk, but my Heavy Forwarder is Windows Server.
Can I install Qualys TA app in Indexer server ?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎01-30-2018 01:42 PM

Indexers should not also do data collection, they're supposed to be peas in a pot. By having one indexer be different from the rest you lose easy interchangeability, cluster-ability, and won't get loadbalanced searches on qualys data.

It'll work, but it'll suck.

I'd recommend standing up a Linux VM with a HF.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

nit123
Path Finder
‎02-19-2018 02:35 AM

You should install Qualys Technology Add-on (TA) for Splunk on the Forwarder (and enable data inputs that you need) only and no install required on Indexer. Only enable receiving on the indexer. The forwarder will forward data to indexer and the reporting apps installed on Search heads will talk to the indexer for the data on it.

Hope this information helps.

0 Karma
Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎01-30-2018 01:42 PM

Indexers should not also do data collection, they're supposed to be peas in a pot. By having one indexer be different from the rest you lose easy interchangeability, cluster-ability, and won't get loadbalanced searches on qualys data.

It'll work, but it'll suck.

I'd recommend standing up a Linux VM with a HF.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...