Configuration of Checkpoint logs and Splunk

kellywilson
Engager

Hello everyone! I am new to this site as well as Splunk.

I am having a bit of trouble understanding the connection between CP logs and Splunk. We would like to pull those logs into Splunk. As of now, we have a Windows (2K8R2) server with the latest version of Splunk Enterprise installed, and a CentOS 6.5 Linux server with the latest version of Splunk installed on it as well. The documentation does a decent job of explaining how to get Splunk onto those particular machines, but not the process in which to import or grab those logs from Checkpoint. I’m confused as to whether or not I need to install the LEA add-on on the Linux machine, the CP management server or the Windows box, or all of them. Any direction as to how this architecture should look would help tremendously.

Thank you!

1 Solution

dmaislin_splunk
Splunk Employee

Yes. The app, http://apps.splunk.com/app/1454 would be installed on the Linux machine AND on the Indexer running Splunk Enterprise. The Linux machine should be a full Splunk instance (Heavy Forwarder) that is set up to forward the collected logs from this instance to the Splunk Indexer you have installed on Windows. The add-on needs to be installed on the Indexer to take advantage of field extractions, lookups, and index-time knowledge in the package.

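As an added example (not part of this thread and not the Check Point add-on's own configuration), here is the forwarding leg of the architecture described in the answer above: the Linux heavy forwarder sends everything it collects, including the LEA-collected firewall logs, to the Windows indexer over a TLS-protected splunktcp channel with indexer acknowledgement. The hostname, port and certificate paths are assumptions; the add-on's own LEA input stanza is configured separately according to its documentation.

```ini
# --- Linux heavy forwarder: $SPLUNK_HOME/etc/system/local/outputs.conf ---
# Forward all collected data to the Windows indexer.
# "indexer.example.local" and the certificate paths are assumed values.
[tcpout]
defaultGroup = checkpoint_indexers

[tcpout:checkpoint_indexers]
server = indexer.example.local:9997
# Wait for the indexer to acknowledge each batch so firewall events are
# not lost if the connection drops or the indexer restarts
useACK = true
# Encrypt the forwarder-to-indexer channel; firewall logs contain internal
# addresses and rule names that should not cross the network in the clear
sslRootCAPath = $SPLUNK_HOME/etc/auth/mycerts/ca.pem
clientCert = $SPLUNK_HOME/etc/auth/mycerts/forwarder.pem
sslPassword = <certificate key password placeholder>
# Reject an indexer whose certificate is not signed by the CA above
sslVerifyServerCert = true

# --- Windows indexer: %SPLUNK_HOME%\etc\system\local\inputs.conf ---
# Accept forwarder traffic only over TLS and only from forwarders that
# present a certificate signed by the trusted CA.
[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycerts/indexer.pem
sslPassword = <certificate key password placeholder>
requireClientCert = true
```

After restarting both instances, a search such as `index=_internal sourcetype=splunkd component=TcpOutputProc` on the heavy forwarder confirms the connection to the indexer was established.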

dmaislin_splunk
Splunk Employee

Fantastic!

araitz
Splunk Employee

Great to hear!

kellywilson
Engager

Thank you! We have it set up that way exactly and it is working like a charm!
