All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Will the Qualys VM App for Splunk Enterprise run on a search head cluster?

nmarangella
New Member
‎04-10-2017 12:27 PM

Will the Qualys VM App for Splunk Enterprise run on a search head cluster?

I don't see anything in the documentation about it. I know some of the third party apps we've used haven't supported running on a search head cluster and we've had to install them on a standalone.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jleggett
Explorer
‎04-11-2017 08:17 AM

Yes, install the TA on all the search heads in the cluster and enable knowledgebase on them. On your indexer or heavy forwarder install the TA and enable hostdetection and/or was_detection on it. The knowledgebase is a lookup table and needs to be on every search head you search from. Then you can install the Qualys VM App for SPLunk where you need it.

View solution in original post

Reply
Solved! Jump to solution
Solution

jleggett
Explorer
‎04-11-2017 08:17 AM

Yes, install the TA on all the search heads in the cluster and enable knowledgebase on them. On your indexer or heavy forwarder install the TA and enable hostdetection and/or was_detection on it. The knowledgebase is a lookup table and needs to be on every search head you search from. Then you can install the Qualys VM App for SPLunk where you need it.

Reply
Solved! Jump to solution

nmarangella
New Member
‎04-11-2017 03:53 PM

So the VM App should also be installed on every SH in the cluster?

0 Karma
Reply
Solved! Jump to solution

nit123
Path Finder
‎06-16-2017 06:14 AM

Yes. VM App should be installed on each of the search heads to be able to fetch reports on data indexed on the indexer.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...