I have to deploy the Cisco ACI Add-on for Splunk Enterprise on a heavy forwarder without web interface. How can I configure it with the configuration files, the Readme mentions only the web interface.
Hi,
First thing I would do is install it on a local Splunk test instance and configure it there. Then after the configuration copy the whole app across to the Heavy Forwarder. This is the route I normally take in these situations.
Else you need to go down the rabbit hole of editing the conf files manually and that might be a big pain.
For example the cisco_aci_server_setup.conf:
[cisco_aci_server_setup_settings]
cisco_aci_host =
cisco_aci_port =
cisco_aci_username =
password =
is_password_authentication = 1
is_remote_user_authentication = 0
remote_user_domain_name =
remote_user_password =
is_cert_authentication = 0
cert_name=
cert_private_key_path=
It contains a password that probably is stored encrypted during the setup. This makes it very hard to manually configure it in the cli.