All Apps and Add-ons

Is the Duo Splunk Connector only available with Splunk Enterprise or is it available with Splunk Light as well?

whorobin
Engager

We have Splunk Light, which is more than sufficient for our use cases. We would like to implement the Duo Splunk Connector to it but it appears as though it is only available with Splunk Enterprise.

Thanks

0 Karma

duosec
Explorer

Hey there whorobin,

The Duo Splunk Connector was built for Splunk Enterprise and works best there but I just tested that you should be able to manually add the Duo Splunk Connector to Splunk Light. You won't be able to take advantage of any of the prebuilt dashboards since we use a macro instead of an index in our searching but but you will get the Duo Data input and will be able to pull in Duo logs.

To do that:

  1. You can download the SPL file from the Duo Docs.
  2. You can then untar the file and copy the "duo_splunkapp" folder into your Splunk "apps" directory.
  3. Restart Splunk
  4. Go to Data Inputs -> Duo Data Input

From there you can follow the directions in the docs to get the connector setup.

whorobin
Engager

Hi there-

I am not getting an option to untar the file after downloading the SPL file. Is there a step that I am missing in regards to getting that part done?

0 Karma

duosec
Explorer

You should be able to untar the SPL file by doing something similar to:

tar xvf duo_splunkapp_1.1.1.spl
0 Karma

whorobin
Engager

I'm sorry but I'm having alot of trouble with this step. It seems as though this would work in Linux but not on Windows, which is what I am using. Is there a way to use the SPL file to link up with Splunk Light on a Windows server?

0 Karma

duosec
Explorer

I would recommend downloading a program similar to 7zip which will let you extract the files from the SPL file on Windows.

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...