Hardware and software requirements for the Splunk Add-on for CrowdStrike FDR
The modular input for the Splunk Add-on for CrowdStrike FDR must be installed on a heavy forwarder, Inputs Data Manager (IDM), or search head. This lets you collect data and push it to a Splunk index.
For Splunk Enterprise Victoria, modular inputs are installed and run on the search heads. By default, these modular inputs are configured with run_only_one = false, which tells the Victoria stack to run each created input on every search head host in the cluster.
Splunk platform requirements
Because this add-on runs on the Splunk platform, the system requirements for the Splunk software on which you install the Splunk Add-on for CrowdStrike FDR also apply.
- For Splunk Enterprise system requirements: see System Requirements in the Splunk Enterprise Installation Manual.
- If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.
- If you are using an IDM, see Install an add-on in Splunk Cloud.
This documentation applies to the following versions of Splunk® Supported Add-ons: released