Getting Data In

Looking for solutions for Linux/Unix Auditing?

kymenope
Explorer

Fairly new Splunk user here looking for Linux auditing solutions.  I am running a disconnected version of Splunk Enterprise and thus cannot make use of the content pack which replaced the application and add-on according to SplunkBase. 

Am I still able to use the archived applications and add-on? 

Realistically I am seeking a solution that would allow me to configure the universal forwarders I'm using to send the appropriate data so I can create queries via the linux_secure sourcetype.

Labels (1)
0 Karma
1 Solution

isoutamo
SplunkTrust
SplunkTrust

Hi

I'm not sure if I understood right your question.

There is no need to be a connection between your instance and splunkbase. Just download those apps/TAs etc from it to your workstation and then transfer those with any usable way to your UF's, DS and/or Splunk enterprise instances. Then just install those as instructions said and start to use those.

That's the way how I do installation almost every time. I use that direct connection to splunkbase only on my test/demo etc. instances, never on production systems.

r. Ismo

View solution in original post

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

I'm not sure if I understood right your question.

There is no need to be a connection between your instance and splunkbase. Just download those apps/TAs etc from it to your workstation and then transfer those with any usable way to your UF's, DS and/or Splunk enterprise instances. Then just install those as instructions said and start to use those.

That's the way how I do installation almost every time. I use that direct connection to splunkbase only on my test/demo etc. instances, never on production systems.

r. Ismo

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...