Splunk® Supported Add-ons

Splunk Add-on for RSA DLP

Install the Splunk Add-on for RSA DLP

Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise. See the "installation walkthrough" section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, or Splunk Cloud.

Distributed installation of this add-on

This table provides a quick reference for installing this add-on to a distributed deployment of Splunk Enterprise.

Splunk instance type Supported Required Comments
Search Heads Yes Yes Install this add-on to all search heads where RSA DLP knowledge management is required.
Indexers Yes No Not required, because this add-on does not include any index-time operations.
Heavy Forwarders Yes No All forwarder types are supported.
Universal Forwarders Yes No All forwarder types are supported.

Distributed deployment compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes You can install this add-on on a search head cluster for all search-time functionality, but only configure inputs on a forwarder to avoid duplicate data collection.
Before installing this add-on to a cluster, remove the eventgen.conf file and all files in the Samples folder.
Indexer Clusters Yes Before installing this add-on to a cluster, remove the eventgen.conf file and all files in the Samples folder.
Deployment Server Yes Supported for deploying configured add-on to your forwarder.

Installation walkthrough

See "Installing add-ons" in Splunk Add-Ons for detailed instructions describing how to install a Splunk add-on in the following deployment scenarios:

Last modified on 11 October, 2021
Installation overview for the Splunk Add-on for RSA DLP   Configure RSA DLP to produce syslog for the Splunk Add-on for RSA DLP

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters