Splunk® Quick Start Bundles


Splunk Quick Start Bundle for Security Investigation - Infrastructure

Splunk Quick Start Bundles are offerings you can purchase through Splunk Sales. Each bundle includes a Splunk Enterprise license, Splunk Education units, ticket(s) to .conf, and a fixed quantity of Splunk Professional Services work. Bundles can also include recommendations for specific apps and add-ons you may wish to download and install.

Access the data sheet or contact Splunk Sales to learn more about this Splunk Quick Start Bundle.

Installation Overview

If you have purchased the Splunk Quick Start Bundle for Security Investigation - Infrastructure, follow these instructions for a smooth deployment.

  1. Look for an email from Splunk Order Management. Review the license and components that you have purchased; refer to Components below. Contact your Splunk Sales Representative if your order email is inaccurate.
  2. Prepare your operating environment. Review the Compatibility section and ensure that your operating environment adheres to the specifications.
  3. Review the list of apps and add-ons that your Quick Start Bundle recommends installing.
  4. Contact your Splunk Sales Representative to arrange a call with a Splunk Customer Success Manager (CSM).
  5. With the CSM, schedule a kick-off call and arrange for a remote deployment engagement with a Professional Services Engineer. Prepare any questions you might have for your Professional Services Engineer.
  6. Follow the advice of the CSM and prepare all information required for your remote deployment engagement.
  7. Attend your remote deployment engagement. Work with your Splunk Professional Services Engineer on your scheduled date(s).
  8. After the Professional Services Engineer has completed your deployment, review the additional sections in this documentation to learn more about your Quick Start Bundle. Direct any of your questions to Splunk Customer Support.

Components

Splunk Enterprise term license | Professional Services (days) | Customer Success Manager (days) | Education units | .conf passes
20 GB/day  | 3 | 1 | 10 | 1
50 GB/day  | 4 | 1 | 20 | 1
100 GB/day | 5 | 1 | 20 | 2

Your Splunk Enterprise term license includes Splunk Customer Support.

Compatibility

The Splunk Quick Start Bundle for Security Investigation - Infrastructure is compatible with the following Splunk products:

Splunk Enterprise 6.5.x or later

Single-instance deployment only

Splunk Cloud: not compatible


Professional Services remote deployment engagement

This Quick Start Bundle includes the services of a Splunk Professional Services Engineer and Customer Success Manager. They work with you to complete the following tasks:

  1. Conduct a remote deployment engagement kick-off call.
  2. Conduct an architecture planning session.
  3. Install and configure your single instance of Splunk Enterprise.
  4. Deploy up to eight apps and add-ons and set up rsyslog.
  5. Validate that your instance is collecting data properly.
  6. Time permitting, offer insight into exploring your data.
  7. Conduct a follow-up call (CSM only).

Consult your quote for more details about your Splunk Professional Services engagement.

Redeem Splunk Education units

Following your order confirmation, you will receive an email from Splunk which includes a PDF attachment titled “Elearning agreement”. This document provides you with the instructions for redeeming your Education Units.


Obtain .conf passes

Contact your Splunk Sales Representative or the Splunk reseller from whom you purchased the bundle to obtain the .conf passes included with your bundle.


Download, install, and configure apps and add-ons

The licenses that this bundle includes enable you to use several Splunk apps and add-ons. Install and configure the apps and add-ons individually.

1. From Splunkbase, download as many of the following apps and add-ons as you like:

Alternatively, you can browse and install apps and add-ons from within your instance of Splunk Enterprise. See Where to get more apps and add-ons in the Admin Manual.


2. Install each app and add-on individually on your instance of Splunk Enterprise.

App or add-on: Installation instructions

Splunk Add-on for Blue Coat ProxySG:
  a. Installation overview for the Splunk Add-on for Blue Coat ProxySG
  b. Install an add-on in a single-instance Splunk Enterprise deployment

Splunk Add-on for Bro IDS:
  Install an add-on in a single-instance Splunk Enterprise deployment

Splunk Add-on for Cisco ASA:
  a. Installation and configuration overview for the Splunk Add-on for Cisco ASA
  b. Install the Splunk Add-on for Cisco ASA

Splunk Add-on for Cisco WSA:
  a. Installation overview for the Splunk Add-on for Cisco WSA
  b. Install the Splunk Add-on for Cisco WSA

FireEye Add-on for Splunk Enterprise:
  This is a Community Supported product. Refer to Details on Splunkbase.

FireEye App for Splunk Enterprise v3:
  This is a Community Supported product. Refer to Details on Splunkbase.

Fortinet FortiGate Add-on for Splunk:
  This is a Developer Supported product. Refer to Details on Splunkbase.

Fortinet FortiGate App for Splunk:
  This is a Developer Supported product. Refer to Details on Splunkbase.

Palo Alto Networks Add-on for Splunk:
  This is a Developer Supported product. Refer to Details on Splunkbase.

Palo Alto Networks App for Splunk:
  This is a Developer Supported product. Refer to Details on Splunkbase.


3. Follow the configuration instructions for each app and add-on to set up each product individually and start getting data into your Splunk Enterprise instance.

App or add-on: Configuration instructions

Splunk Add-on for Blue Coat ProxySG:
  a. Configure logging in your Blue Coat ProxySG appliance for the Splunk Add-on for Blue Coat ProxySG
  b. Configure inputs for the Splunk Add-on for Blue Coat ProxySG

Splunk Add-on for Bro IDS:
  Configure inputs for the Splunk Add-on for Bro IDS

Splunk Add-on for Cisco ASA:
  Configure inputs for the Splunk Add-on for Cisco ASA

Splunk Add-on for Cisco WSA:
  a. Configure inputs for the Splunk Add-on for Cisco WSA
  b. Configure field extractions for W3C log formats for the Splunk Add-on for Cisco WSA

FireEye Add-on for Splunk Enterprise:
  This is a Community Supported product. Refer to Details on Splunkbase.

FireEye App for Splunk Enterprise v3:
  This is a Community Supported product. Refer to Details on Splunkbase.

Fortinet FortiGate Add-on for Splunk:
  This is a Developer Supported product. Refer to Details on Splunkbase.

Fortinet FortiGate App for Splunk:
  This is a Developer Supported product. Refer to Details on Splunkbase.

Palo Alto Networks Add-on for Splunk:
  This is a Developer Supported product. Refer to Details on Splunkbase.

Palo Alto Networks App for Splunk:
  This is a Developer Supported product. Refer to Details on Splunkbase.

Contact Splunk Customer Support

Following your order confirmation, you will receive an email from Splunk which includes a PDF attachment titled “Welcome to Splunk Enterprise Support”. This document provides you with the instructions for contacting Splunk Customer Support if you need help after your remote deployment engagement.


This documentation applies to the following versions of Splunk® Quick Start Bundles: 1.0.0
