Splunk Enterprise Security

Splunk TA installation location

jmcclure8
New Member

I am trying to install the Rapid 7 TA. The document doesn't really give any good information. There are no searches, just inputs, so I am guessing it needs to go on a Heavy Forwarder and the Search Head?

0 Karma

muralikoppula
Communicator

@jmcclure8
There are different scenarios where you need to place the TA app:
1- If you're collecting logs from a universal forwarder, the app should go on the UF and the indexer as well. (This will work if the UF points to the indexers directly.)

2- If you're collecting logs through syslog, you need to place this app on a Heavy Forwarder, and there is an indexes.conf, so you should place the same app on the indexer side as well.

0 Karma

richgalloway
SplunkTrust

Any TA that only contains inputs should not be installed on a search head unless those inputs are disabled.
Depending on the nature of the inputs, you may be able to install the TA on a Universal Forwarder.

---
If this reply helps you, Karma would be appreciated.
0 Karma
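
An added example (not part of the thread and not any TA's own code) of the check the last reply implies: before placing an inputs-only TA on a search head, list which input stanzas are still enabled once `local/inputs.conf` is layered over `default/inputs.conf`. The sample stanzas, the helper names, and the simplified parsing (no line continuations, only `1`/`true` counted as disabled, an input without `disabled` treated as enabled) are assumptions made for illustration.

```python
import os
import tempfile

DISABLED_VALUES = {"1", "true"}  # assumption: only these spellings mark an input disabled

def parse_conf(path):
    """Minimal Splunk .conf reader -> {stanza: {key: value}}; no line continuations."""
    stanzas, current = {}, None
    if not os.path.isfile(path):
        return stanzas
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            if line.startswith("[") and line.endswith("]"):
                current = stanzas.setdefault(line[1:-1], {})
            elif "=" in line and current is not None:
                key, value = line.split("=", 1)
                current[key.strip()] = value.strip()
    return stanzas

def enabled_inputs(app_dir):
    """Input stanzas still enabled once local/ is layered over default/."""
    merged = {}
    for layer in ("default", "local"):  # within an app, local overrides default
        conf = parse_conf(os.path.join(app_dir, layer, "inputs.conf"))
        for name, settings in conf.items():
            merged.setdefault(name, {}).update(settings)
    fallback = merged.pop("default", {}).get("disabled", "0")  # [default] = global settings
    return sorted(name for name, settings in merged.items()
                  if settings.get("disabled", fallback).lower() not in DISABLED_VALUES)

def write_conf(app_dir, layer, text):
    """Helper for the constructed sample: write <app_dir>/<layer>/inputs.conf."""
    os.makedirs(os.path.join(app_dir, layer), exist_ok=True)
    with open(os.path.join(app_dir, layer, "inputs.conf"), "w", encoding="utf-8") as fh:
        fh.write(text)

# Constructed sample, not taken from any real TA.
SAMPLE_DEFAULT = "[script://./bin/collect.py]\ninterval = 300\n[monitor:///var/log/example.log]\ndisabled = 1\n"

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as app:
        write_conf(app, "default", SAMPLE_DEFAULT)
        print("as shipped:", enabled_inputs(app))
        write_conf(app, "local", "[script://./bin/collect.py]\ndisabled = true\n")
        print("after local override:", enabled_inputs(app))
```

An empty result means the app carries no active inputs on that instance; any stanza still listed would start collecting there.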