All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Tenable Add-on Configuration

dellytaniasetia
Explorer
‎10-18-2016 02:21 AM

Hello,

I have the following questions which not found in the documentation:
1. Any firewall rules to be open between SC and Splunk Heavy Forwarder?
2. Any indexes to be created at the indexers? If yes, what are the steps to create the indexes at my 2 indexers (they are non-clustered).

Any advice is appreciated.

Cheers

0 Karma
Reply

adamsaul
Communicator
‎10-19-2016 07:47 AM

Delly,

Adding the app to the indexers will then allow you to configure the data inputs. From there, you will choose which index the data goes to. I've included some screenshots of what you should see on your indexers after the add-on is added.
alt text

alt text

Preview file
45 KB
Preview file
8 KB
0 Karma
Reply

adamsaul
Communicator
‎10-18-2016 02:27 PM

  1. The queries to SC should be done via REST, either HTTP(TCP:80) or HTTPS(TCP:443)

  2. Indexes will be needed to be created. You can expedite this process by installing the add-on to your Indexers or creating a Search Head bundle and deploying it as such to your Indexers.
    http://docs.splunk.com/Documentation/Splunk/6.5.0/Indexer/Updatepeerconfigurations

0 Karma
Reply

dellytaniasetia
Explorer
‎10-18-2016 07:11 PM

Hi,

For item number 2, are you referring to following steps:
To install an add-on to an indexer:
1. Download the add-on from Splunkbase, then unpack the .tgz package.
2. Place the resulting Splunk_TA_ folder in the $SPLUNK_HOME/etc/apps directory on your indexer.
3. Restart the indexer.

Have you performed this? What would be the name of the default indexes created?

Thanks

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...