Installation

This Add-on is supported on all tiers of a distributed Splunk platform deployment and also on standalone Splunk instances. The table below provides a reference for installing the add-on in a distributed Splunk deployment:

| Splunk instance type | Supported | Required | Comments |
|---|---|---|---|
| Search Heads | Yes | Yes | All search-time extraction rules are applied on Search Heads. |
| Indexers | Yes | No | All data parsing is done on the heavy forwarder only. |
| Heavy Forwarders | Yes | Yes | This Add-on supports only heavy forwarders for data collection. |
| Universal Forwarder | No | No | This Add-on contains Python scripts that make API calls, so it is not supported on Universal Forwarders. |

Follow the steps below to install the OPSWAT MetaDefender IT Access Add-on for Splunk:

  1. Download the Add-on from Splunkbase.

  2. Install the Add-on on the Search Heads and Heavy Forwarder of your distributed deployment. If you are on Splunk Cloud, you can also install it on the IDM.

    1. Log in to the Splunk server, go to “Manage Apps”, select the “Install app from file” button and upload the bundle downloaded in step 1.
    2. Alternatively, extract the bundle on the backend at $SPLUNK_HOME/etc/apps, where $SPLUNK_HOME is your Splunk installation directory.
  3. After installation, restart the Splunk service.
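
The manual extraction route in step 2, as an added shell example (not part of the original page or the add-on's own tooling): it checks the bundle's member paths before unpacking into the apps directory. The function names and the bundle file name are assumptions; the page does not give the bundle's name.

```shell
#!/bin/sh
# Added example: manual install of an add-on bundle into $SPLUNK_HOME/etc/apps.
# Function names are hypothetical; the bundle file name is a placeholder.

# check_bundle BUNDLE
# Prints the single top-level app directory if the archive is safe to extract.
# Fails if a member path is absolute, contains "..", or if the archive does
# not hold exactly one top-level directory.
check_bundle() {
    bundle=$1
    members=$(tar -tzf "$bundle") || return 1
    # Reject absolute paths and parent-directory components.
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $bundle" >&2
        return 1
    fi
    # Collect the distinct first path components (ignoring a leading "./").
    tops=$(printf '%s\n' "$members" | sed 's|^\./||' | cut -d/ -f1 | sort -u | sed '/^$/d')
    if [ -z "$tops" ] || [ "$(printf '%s\n' "$tops" | grep -c '')" -ne 1 ]; then
        echo "expected exactly one top-level directory in $bundle" >&2
        return 1
    fi
    printf '%s\n' "$tops"
}

# install_bundle BUNDLE APPS_DIR
# Validates the bundle, extracts it under APPS_DIR and prints the app path.
install_bundle() {
    bundle=$1
    apps_dir=$2
    app=$(check_bundle "$bundle") || return 1
    [ -d "$apps_dir" ] || { echo "no such directory: $apps_dir" >&2; return 1; }
    # -o: do not restore the owner recorded in the archive.
    tar -xzf "$bundle" -o -C "$apps_dir" || return 1
    printf '%s\n' "$apps_dir/$app"
}

# Usage on the Splunk host (placeholder bundle name), followed by step 3:
#   install_bundle /tmp/<addon-bundle>.tgz "$SPLUNK_HOME/etc/apps" \
#     && "$SPLUNK_HOME/bin/splunk" restart
```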

You can find more details on how to install an add-on based on your deployment type below:
