Splunk® Supported Add-ons

Splunk Add-on for Cisco ASA

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Install the Splunk Add-on for Cisco ASA

This topic provides an overview of installing your add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in.

Where to install this add-on

Unless otherwise noted, all supported add-ons can be safely installed to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.

This table provides a reference for installing this specific add-on to a distributed deployment of the Splunk platform.

Splunk platform instance type Supported Required Actions required / Comments
Search Heads Yes Yes Install this add-on to all search heads where Cisco ASA knowledge management is required.
Indexers Yes Conditional Not required if you use heavy forwarders to collect data. Required if you use universal or light forwarders to collect data.
Heavy Forwarders Yes See comments This add-on supports forwarders of any type for data collection.
Universal Forwarders Yes See comments

Distributed deployment feature compatibility

This table describes the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Actions required
Search Head Clusters Yes You can install this add-on on a search head cluster for all search-time functionality, but you must configure inputs on forwarders to avoid duplicate data collection.
Before installing this add-on to a cluster, make the following changes to the add-on package:
  1. Remove the eventgen.conf files and all files in the samples folder.
  2. Remove the inputs.conf file.
Indexer Clusters Yes Before installing this add-on to a cluster, make the following changes to the add-on package:
  1. Remove the eventgen.conf files and all files in the samples folder
  2. Remove the inputs.conf file.
Deployment Server Yes Supported for deploying the configured add-on to multiple nodes.


Install add-ons to all tiers.png

If the add-on contains: Dashboards or panels Search objects Props and transforms Inputs
It must be installed on search heads Yes Yes Yes No, except special cases
It must be installed on indexers No No Yes No
It must be installed on forwarders No No Yes No

For more information about how Splunk Enterprise components correlate to phases in the data pipeline, see "Configuration parameters and the data pipeline" in the Splunk Administration Guide.

Summary of limitations

Can install manually on Can install with a
deployment server on
Can install on a
Search Head Cluster
Search heads Indexers Forwarders Indexers Forwarders
Add-on collects remote data using modular or scripted input Yes Yes Yes Yes No See notes*
Add-on uses credential management Yes Yes Yes Yes No See notes**

* You can install add-ons on a search head cluster for all search-time functionality, but inputs should be configured on a forwarder to avoid duplicate data collection.

** Add-ons that use credential management can be installed on a search head cluster only in one of these circumstances:

  • You are using Splunk platform 6.3.X or later.
  • You are using Splunk platform 6.2.X, and the credentials are not required on the search heads. If credentials are required only for data collection, set up a forwarder to handle the inputs and configure the credentials on that node. Some add-ons do require the search heads to communicate directly with a third-party system using stored credentials. These add-ons are not supported on search head clusters in 6.2.X.
Last modified on 22 July, 2022
PREVIOUS
Installation and configuration overview for the Splunk Add-on for Cisco ASA
  NEXT
Install the Splunk Add-on for Cisco ASA on to your Splunk Cloud deployment

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters