All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Tenable Add-on Configuration

dellytaniasetia
Explorer
‎10-18-2016 02:21 AM

Hello,

I have the following questions which not found in the documentation:
1. Any firewall rules to be open between SC and Splunk Heavy Forwarder?
2. Any indexes to be created at the indexers? If yes, what are the steps to create the indexes at my 2 indexers (they are non-clustered).

Any advice is appreciated.

Cheers

0 Karma
Reply

adamsaul
Communicator
‎10-19-2016 07:47 AM

Delly,

Adding the app to the indexers will then allow you to configure the data inputs. From there, you will choose which index the data goes to. I've included some screenshots of what you should see on your indexers after the add-on is added.
alt text

alt text

Preview file
1 KB
Preview file
1 KB
0 Karma
Reply

adamsaul
Communicator
‎10-18-2016 02:27 PM

  1. The queries to SC should be done via REST, either HTTP(TCP:80) or HTTPS(TCP:443)

  2. Indexes will be needed to be created. You can expedite this process by installing the add-on to your Indexers or creating a Search Head bundle and deploying it as such to your Indexers.
    http://docs.splunk.com/Documentation/Splunk/6.5.0/Indexer/Updatepeerconfigurations

0 Karma
Reply

dellytaniasetia
Explorer
‎10-18-2016 07:11 PM

Hi,

For item number 2, are you referring to following steps:
To install an add-on to an indexer:
1. Download the add-on from Splunkbase, then unpack the .tgz package.
2. Place the resulting Splunk_TA_ folder in the $SPLUNK_HOME/etc/apps directory on your indexer.
3. Restart the indexer.

Have you performed this? What would be the name of the default indexes created?

Thanks

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...