Splunk UBA Monitoring app requirements
The Splunk UBA Monitoring app requires the following combination of Splunk UBA with Splunk Enterprise:
Splunk UBA Monitoring App Version | Splunk UBA Version | Splunk Enterprise Version |
---|---|---|
Splunk UBA Monitoring app 1.0.0 | Splunk UBA 4.3.0 | Splunk Enterprise 7.0 or later |
Splunk UBA Monitoring app 1.1 | Splunk UBA 5.0.3 | Splunk Enterprise 7.0 or later |
The Splunk UBA Monitoring app is not supported on Splunk Cloud.
Additional requirements for the Splunk UBA Monitoring app:
- The Splunk UBA Monitoring app forwards data to the `_internal` index on Splunk Enterprise. Users of the Splunk UBA Monitoring app must have read access to the `_internal` index in order to see any data when using the app. Users with the `admin` role have this permission by default. Non-admin users can be granted this access by qualified `admin` users. See About users and roles in the Splunk Enterprise Admin Manual.
- The forwarder on Splunk UBA connects to the Splunk Enterprise receiver on port 9997 by default. The receiver on Splunk Enterprise must be enabled to receive data from the forwarder on Splunk UBA. See Enable a receiver in the Splunk Enterprise Forwarding Data manual.
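One way to meet both requirements on the Splunk Enterprise side, shown as an added example that is not taken from the Splunk documentation. The role name `uba_monitoring_viewer`, the file locations and the source address are assumptions chosen for illustration.

```ini
# Added example, not from the Splunk documentation.

# --- authorize.conf on the Splunk Enterprise search head ---
# (assumed location: $SPLUNK_HOME/etc/system/local/authorize.conf)
# Hypothetical role name. It inherits the standard "user" role and adds
# search access to _internal only, so users of the Splunk UBA Monitoring
# app do not have to be given the admin role.
[role_uba_monitoring_viewer]
importRoles = user
srchIndexesAllowed = _internal

# --- inputs.conf on the Splunk Enterprise instance acting as receiver ---
# (assumed location: $SPLUNK_HOME/etc/system/local/inputs.conf)
# Enables the receiver on 9997, the default port the forwarder on
# Splunk UBA connects to.
[splunktcp://9997]
disabled = 0
# Optional: accept connections only from the Splunk UBA node.
# 192.0.2.10 is a constructed placeholder address.
acceptFrom = 192.0.2.10
```

Edits made directly to `.conf` files take effect after Splunk Enterprise is restarted. Assign the role only to the users who need the app.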
This documentation applies to the following versions of Splunk® User Behavior Analytics Monitoring App: 1.1