Title
Create new category
Edit page index title
Edit category
Edit link
Installation
This Add-on is supported on all tiers of a distributed Splunk platform deployment and also on standalone Splunk instances. The table below provides a reference for installing the add-on in a distributed Splunk deployment:
Splunk instance type | Supported | Required | Comments |
|---|---|---|---|
Search Heads | Yes | Yes | All the search time extraction rules takes place on Search Heads |
Indexers | Yes | No | All data parsing will be done on heavy forwarder only. |
Heavy Forwarders | Yes | Yes | This Add-on supports only heavy forwarder for data collection. |
Universal Forwarder | No | No | This Add-on contains Python Scripts to make API calls, hence not supported on Universal Forwarder |
You can follow the below steps to install the OPSWAT MetaDefender IT Access Add-on for Splunk
Download the Add-on from Splunkbase here
Install the Add-on on your Search Heads and Heavy Forwarder of distributed deployment, you can also install it on IDM if you are on Splunk Cloud.
Login to Splunk server and go to “Manage Apps”, select “install app from File” button and upload the bundle downloaded in step 1.
Alternatively, you can also extract the bundle in the backend at $SPLUNK_HOME/etc/apps,where$SPLUNK_HOME_is your Splunk installation directory.
After installation, restart the Splunk service.
You can find more details on how to install an add-on based on your deployment type below: