All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to install the Tripwire Enterprise App for Splunk Enterprise on a Search Head?

scc00
Contributor
‎05-27-2015 12:23 PM

Hi, I'd like to install the Tripwire Enterprise app on one of my Search Heads. I do not want the logs to be stored locally since it is a search head. The logs should be pushed to my indexers, preferably load balanced. So my question is this, given that the app will be installed on a search head, would it be best to install a universal forwarder on the tripwire console server, then configure the outputs.conf files to send to my indexers? Given the question i've just asked, can I also configure the Tripwire Data Directory to point to the essentially load balanced indexers when I setup the app? Or is there a better way to accomplish all of this? The installation instruction does not mention any of this.

0 Karma
Reply

JimWachhaus
Path Finder
‎06-08-2016 05:29 PM

Originally the app was intended to be installed on a Search Head with the logs going to the search head.

An alternative is to use a heavy forwarder.

The universal forwarder method described may not work.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...