Splunk® Supported Add-ons

Splunk Add-on for Carbon Black


Install the Splunk Add-on for Carbon Black

Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise. See the installation walkthrough section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, Splunk Cloud, or Splunk Light.

Distributed installation of this add-on

This table provides a quick reference for installing this add-on to a distributed deployment of Splunk Enterprise.

Splunk instance type Supported Required Comments
Search Heads Yes Yes Install this add-on to all search heads where Carbon Black knowledge management is required.
Indexers Yes Conditional Not required if you use heavy forwarders to monitor Carbon Black data. Required if you use universal or light forwarders to collect data.
Heavy Forwarders Yes See comments This add-on supports forwarders of any type for data collection. If installed on heavy forwarders, does not need to be installed on indexers.
Universal Forwarders Yes See comments This add-on supports forwarders of any type for data collection. You must also install this add-on on your indexers if you use a universal forwarder rather than a heavy forwarder to monitor Bit9 Carbon Black output.

Distributed deployment compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes You can install this add-on on a search head cluster for all search-time functionality. You can only configure inputs on a forwarder to avoid duplicate data collection.
Indexer Clusters Yes
Deployment Server Yes Supported for deploying the configured add-on.

Installation walkthrough

See Installing add-ons in Splunk Add-Ons for detailed instructions describing how to install a Splunk add-on in the following deployment scenarios:

Last modified on 15 March, 2022
Installation and configuration overview for the Splunk Add-on for Carbon Black   Upgrade the Splunk Add-on for Carbon Black

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters