Hey! Can anyone tell me whether it is safe to install a third-party app on Splunk, like TA-symantec syslog? If yes, how can I install it on a heavy forwarder, which is a Linux machine?
Download the app.
Transfer it to your HF into /tmp
Run these commands:
cd /opt/splunk/etc/apps
tar xvf /tmp/<your filename here>
You should remove the eventgen files and restart.
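
An added example, not part of the answer above or of Splunk's own tooling: one way to check the downloaded archive before extracting it, rejecting entries that would land outside a single app directory and listing Eventgen files and bin/ scripts for review. The function names are hypothetical, and the default apps path is the one used in the answer.

```shell
#!/bin/sh
# Added example: audit a Splunk app archive before extracting it into etc/apps.
# Function names are hypothetical; the default path follows the answer above.

# Read a `tar tf` listing on stdin. Fail if any entry is absolute, contains a
# ".." component, or if the archive has more than one top-level directory
# (an app should unpack into exactly one directory under etc/apps).
check_paths() {
    awk '
        /^\// { print "absolute path: " $0; bad = 1 }
        /(^|\/)\.\.(\/|$)/ { print "parent traversal: " $0; bad = 1 }
        { split($0, p, "/"); if (p[1] != "") top[p[1]] = 1 }
        END {
            n = 0; for (t in top) n++
            if (n != 1) { print "expected 1 top-level dir, found " n; bad = 1 }
            exit bad + 0
        }'
}

# Read a listing on stdin and print the entries worth reviewing before a
# production install: Eventgen config and sample data, and code under bin/.
review_items() {
    grep -E '(^|/)eventgen\.conf$|(^|/)samples/.|(^|/)bin/.' || true
}

# Audit the archive and extract it only if every path is sane.
# $1 = tarball, $2 = apps directory (defaults to /opt/splunk/etc/apps).
audit_and_extract() {
    tarball=$1
    apps_dir=${2:-/opt/splunk/etc/apps}
    listing=$(tar tf "$tarball") || return 2
    printf '%s\n' "$listing" | check_paths || return 1
    echo "Review before restart:"
    printf '%s\n' "$listing" | review_items
    tar xf "$tarball" -C "$apps_dir"
}

# Run as: sh audit_app.sh /tmp/<your filename here>
if [ -n "${1:-}" ]; then audit_and_extract "$@"; fi
```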