Installation

How do you install TA's for SplunkforSymantec?

Engager

The documentation for SplunkforSymantec state:

After downloading the app and going through the set up process, you still need to install either the Symantec 11 Technology Add-on or Symantec 12 Technology Add-on. If you are currently running both products, you should install both TAs. They are included with this app in the appserver/addons directory.

How do you install the TA?

Also in the /opt/splunk/etc/apps/SplunkforSymantec/appserver/addons/TA-sepapp12/README there are references to:

  1. Copy the following file: 
    $SPLUNKHOME/etc/apps/TA-sep/default/inputs.conf.local To the following location: $SPLUNKHOME/etc/apps/TA-sep/local/inputs.conf​

These locations do not exist!

Labels (1)
0 Karma

Path Finder

I have the similar issue - can anyone elaborate on the installation instructions? I have a couple of forwarders, and a couple of indexers and a search head (all on different machines). As I understood, I am required to install the TA on the indexers - how does one achieve that? I dont see any option for spl or tgz file.

0 Karma

Explorer

I'm having a similar issue. I am seeing events form the symantec server in the data. I do not see the Symantec Plugin recognizing that data. I've located the TA for sep11 and sep12 in /opt/splunk/etc/apps/SplunkforSymantec/appserver/addons but there are no tgz or spl file to install.

0 Karma

Path Finder

Are you putting those on your SEP server? I believe that is only required if you are installing a UF on your SEP server.

0 Karma