All Apps and Add-ons

Where do I install the FireEye Add-on for Splunk Enterprise?

gerald_contrera
Path Finder

Hi all,

We currently have
4- indexer peers
1- heavy forwarder which forwards FireEye logs (which syslog to a folder and is monitored by HF) to splunk.
- FireEye EX and soon NX

I have installed the FireEye-App on the search heads, and currently have the Add-on/TA on the heavy forwarder.
Can anyone confirm if i have to install the add-on/TA on the indexers also?

Any help would be great, there is a lot of doco on the FireEye App, but not much on the Add-on/TA.

We are currently getting some basic data in the App. But i would have expected more?

Thanks in advance

0 Karma
1 Solution

gerald_contrera
Path Finder

Answered my own.
Looks like I had to make sure I was using the right source type for this to work.

Used custom folder monitor syslog events ensuring to use fe sourcetype. Installed app on SH.

View solution in original post

0 Karma

gerald_contrera
Path Finder

Answered my own.
Looks like I had to make sure I was using the right source type for this to work.

Used custom folder monitor syslog events ensuring to use fe sourcetype. Installed app on SH.

0 Karma
Get Updates on the Splunk Community!

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...

Splunkbase | Splunk Dashboard Examples App for SimpleXML End of Life

The Splunk Dashboard Examples App for SimpleXML will reach end of support on Dec 19, 2024, after which no new ...

Understanding Generative AI Techniques and Their Application in Cybersecurity

Watch On-Demand Artificial intelligence is the talk of the town nowadays, with industries of all kinds ...