Hey,
We want to install Splunk for Symantec on a Windows server.
I saw the installation guide:
splunkbase.splunk.com/app/1365/#/documentation
I don't understand what the TA-sepapp12 is, where I can find it, and how do I configure it?
Thanks
Hi @abovebeyond
The app itself has the UI for you to search and visualize your data, but the TA (Add-on) helps with parsing of data for the app such as proper field recognition and extraction. Without the TA, you might be getting strangely formatted data or no data at all in your dashboards.
The bottom of the app's documentation page that you included has the instructions for finding the TA under "Installation".
"They are included with this app in the appserver/addons directory. For single server Splunk instances, the TAs will be on the same server as the app. For distributed Splunk instances, the TAs just needs to go on the indexers and the app just goes on the search heads."
Just below that are instructions for configuring the TA.
Keep in mind that the app is only supported for Splunk 6.0, 5.0, and 4.3 in case you're using 6.1.x or 6.2.x. If you're still having issues, hopefully someone else who has successfully installed/configured the app can chime in or the developer himself.
Are there plans to support Splunk 6.2?