Splunk® Supported Add-ons

Splunk Add-on for Cisco FireSIGHT

Install the Splunk Add-on for Cisco FireSIGHT

  1. Get the Splunk Add-on for Cisco FireSIGHT by downloading it from http://splunkbase.splunk.com/app/1808 or browsing to it using the app browser within Splunk Web.
  2. Determine where and how to install this add-on in your deployment, using the tables on this page.
  3. Perform any prerequisite steps before installing, if required and specified in the tables below.
  4. Complete your installation.

If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthrough section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, or Splunk Cloud.

Distributed deployments

Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.

Where to install this add-on

Unless otherwise noted, all supported add-ons can be safely installed to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.

This table provides a reference for installing this specific add-on to a distributed deployment of the Splunk platform.

Splunk platform instance type Supported Required Actions required / Comments
Search Heads Yes Yes Install this add-on to all search heads where Cisco FireSIGHT knowledge management is required.
Indexers Yes Conditional Not required if you use heavy forwarders to collect data. Required if you use universal or light forwarders to collect data.
Heavy Forwarders Yes See comments This add-on supports forwarders of any type for data collection.
Universal Forwarders Yes
Light Forwarders Yes

Distributed deployment feature compatibility

This table describes the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Actions required
Search Head Clusters Yes You can install this add-on on a search head cluster for all search-time functionality, but only configure inputs on a forwarder to avoid duplicate data collection.
Before installing this add-on to a cluster, remove the eventgen.conf file and all files in the Samples folder.
Indexer Clusters Yes Before installing this add-on to a cluster, remove the eventgen.conf file and all files in the Samples folder.
Deployment Server Yes Supported for deploying the add-on to indexers.

Installation walkthrough

The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.

Last modified on 13 July, 2021
Installation overview for the Splunk Add-on for Cisco FireSIGHT   Configure inputs for the Splunk Add-on for Cisco FireSIGHT

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters