Splunk® Supported Add-ons

Splunk Add-on for Cisco ASA


Install the Splunk Add-on for Cisco ASA on to your Splunk Cloud deployment

Note the following when you install the Splunk Add-on for Cisco ASA on to your Splunk Cloud deployment:

  • The Cisco ASA device can use TCP as the syslog transport, and can maintain an open TCP port with the syslog-ng server.
  • Do not place a load balancer between the ASA and the syslog server.
  • Implement the following DNS configurations:
    • For each IP address assigned for management of the ASA, ensure both address (A) records and record route (R) records exist and match.
    • For each egress NAT address assigned to the device, ensure address and record route records exist and match.
    • For each ingress NAT address assigned to the device, ensure the record route record matches the internal destination address. The address record for this IP is not required.
  • Download the Splunk Add-on for Cisco ASA on Splunkbase.

Install on your Splunk Cloud deployment using self-service

Install an add-on on search heads and indexers in a Splunk Cloud deployment using the self-service app install process.

In Splunk Cloud deployments, inputs must be configured on forwarders under your control.

  1. In the Splunk Web home page, click the gear icon next to Apps.
  2. Click Install Apps.
  3. Select Install to install the add-on. If the add-on that you want is not listed, or if the add-on indicates self-service installation is not supported, contact Splunk Support.
  4. Complete the installation. When you install an add-on with declared dependencies, Splunk Cloud automatically resolves its dependencies through Splunkbase. To learn more about declaring dependencies, see the Splunk Packaging Toolkit

Install an add-on on to your forwarders using a deployment server

Use your deployment server to distribute content and configurations (collectively called deployment apps) to deployment clients, grouped into server classes. Deployment apps can be full-fledged apps, such as those available on Splunkbase, or they can be just simple groups of configurations.

Deploy an add-on to your deployment clients

  1. On your deployment server, navigate to $SPLUNK_HOME/etc/deployment-apps/.
  2. Add your add-on to the /deployment-apps/ directory.
  3. Extract the add-on.
  4. Navigate to $SPLUNK_HOME/etc/deployment-apps/<APP NAME>/default/inputs.conf.
  5. Add inputs for the data you want to collect.
  6. Save your changes.
  7. Restart the deployment server: /splunk restart.

View app deployment status

The Apps tab provides information on the number of clients that each app was deployed to. Click on an app to go to a detailed page for that app. The App Data Size field specifies the size of the app bundle. The bundle is a compressed file containing the app. Once a client receives a bundle, it uncompresses it and installs the app in its proper location.

Last modified on 29 May, 2024
Install the Splunk Add-on for Cisco ASA   Install the Splunk Add-on for Cisco ASA in a distributed Splunk Enterprise deployment

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters