Related Answers
Download topic as PDF
Splunk UBA Monitoring App requirements
Review the following guidelines before installing the Splunk UBA Monitoring App:
| Guideline | Description |
|---|---|
| Verify app compatibility requirements | Verify the compatibility requirements for the Splunk platform, Splunk UBA, and the Splunk UBA Monitoring App. See the Splunk UBA product compatibility matrix in the Plan and Scale your Splunk UBA Deployment manual. |
Verify read access to the _internal index
|
The Splunk UBA Monitoring App forwards data to the _internal index on the Splunk platform. Users of the Splunk UBA Monitoring App must have read access to the _internal index in order to see any data when using the app. Users with the admin role in Splunk Enterprise or sc_admin role in Splunk Cloud Platform have this permission by default. Non-admin users can be granted this access by qualified admin or sc_admin users.
|
| Splunk UBA forwarder connection | The forwarder on Splunk UBA connects to the Splunk platform receiver on port 9997 by default. The receiver on Splunk Enterprise must be enabled to receive data from the forwarder on Splunk UBA. See Enable a receiver in the Splunk Enterprise Forwarding Data manual. |
| Splunk Add-on for Unix and Linux | Install the Splunk Add-on for Unix and Linux on Splunk Enterprise. Without the Splunk Add-on for Unix and Linux some Splunk UBA Monitoring App dashboards might not work. |
Last modified on 22 April, 2024
|
PREVIOUS Share data in the Splunk UBA Monitoring App |
NEXT Install the Splunk UBA Monitoring App |
This documentation applies to the following versions of Splunk® User Behavior Analytics Monitoring App: 1.1.2, 1.1.3
Feedback submitted, thanks!