I'm not understanding the installation instructions. I currently have a forwarder installed on the Symantec server and it is forwarding data to the indexer. I've installed the Symantec add-on on the search head but getting error when trying to open the Symantec app. Does the app have to be installed on the indexer? What files do I need to configure and where?
After much trial and error we cleared out everything and started fresh, we did use the new app for Symantec. and edited our inputs, index conf files. seem to be getting relevant info in Splunk security essentials app as well as independent searches. Its still a work in progress
do you have return for this problem ?
I would like to receive the SEP log . I don't know if i may install an forwarder and the SEP add on , or i can to configure the SEP manager to send log ( syslog UDP 514 default) to the Splunk Indexer and in this case , has the SEP add on is necessary ?
I'm getting the 404 Page not found error. It's unable to find the "app/Splunk_TA_symantec-ep/setup" page. I'm not sure if everything is setup correctly. The universal forwarder is installed on the "Symantec" server, the "Symantec end point" app is installed on the "Splunk Search Head". Does the "Symantec end point" app need to be installed on both the forwarder and search head?
