BlackBerry provides both an application and a technology add-on (TA). If the Splunk environment is an all-in-one, only the application needs to be installed since it contains both the visual and the data ingest components. If the Splunk environment is distributed, then the application should be installed on the search heads and the TA should be installed on the indexers and forwarders.
If the once-per-day Threat Data Report data source is desired, the full app is required on at least one Heavy Forwarder because it uses inputs.
If this is the first time you are installing the app in this Splunk instance, then follow the steps below. In most cases, an application upgrade will work. However, if you run into issues upgrading the Splunk, then follow the uninstall steps (outlined in the Uninstallation section) before installing the latest version of the app.
After you have downloaded Splunk via Splunkbase, the installation of this app follows the normal app install procedure of either manually unpacking the package (.tar.gz) or using Splunk Web Manage Apps.
If you run Splunk in a distributed setup, you must install the Splunk on a single Heavy Forwarder in addition to the search heads. The search heads should only have the Splunk Web enabled (GUI visible) and do not require the inputs because the Heavy Forwarder should have the inputs enabled.
Splunk Version / Installation:
- Not all Splunk versions interact with the app the same way. Using different browsers may help increase setup and navigation compatibility. For example, use Chrome for configuring TDR and use Firefox to view menus: