Install the Splunk Add-on for Cisco ASA
This topic provides an overview of installing your add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in.
Where to install this add-on
Unless otherwise noted, all supported add-ons can be safely installed to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.
This table provides a reference for installing this specific add-on to a distributed deployment of the Splunk platform.
|Splunk platform instance type||Supported||Required||Actions required / Comments|
|Search Heads||Yes||Yes||Install this add-on to all search heads where Cisco ASA knowledge management is required.|
|Indexers||Yes||Conditional||Not required if you use heavy forwarders to collect data. Required if you use universal or light forwarders to collect data.|
|Heavy Forwarders||Yes||See comments||This add-on supports forwarders of any type for data collection.|
|Universal Forwarders||Yes||See comments|
Distributed deployment feature compatibility
This table describes the compatibility of this add-on with Splunk distributed deployment features.
|Distributed deployment feature||Supported||Actions required|
|Search Head Clusters||Yes||You can install this add-on on a search head cluster for all search-time functionality, but you must configure inputs on forwarders to avoid duplicate data collection. |
Before installing this add-on to a cluster, make the following changes to the add-on package:
|Indexer Clusters||Yes||Before installing this add-on to a cluster, make the following changes to the add-on package:
|Deployment Server||Yes||Supported for deploying the configured add-on to multiple nodes.|
|If the add-on contains:||Dashboards or panels||Search objects||Props and transforms||Inputs|
|It must be installed on search heads||Yes||Yes||Yes||No, except special cases|
|It must be installed on indexers||No||No||Yes||No|
|It must be installed on forwarders||No||No||Yes||No|
For more information about how Splunk Enterprise components correlate to phases in the data pipeline, see "Configuration parameters and the data pipeline" in the Splunk Administration Guide.
Summary of limitations
|Can install manually on||Can install with a
deployment server on
|Can install on a|
Search Head Cluster
|Add-on collects remote data using modular or scripted input||Yes||Yes||Yes||Yes||No||See notes*|
|Add-on uses credential management||Yes||Yes||Yes||Yes||No||See notes**|
* You can install add-ons on a search head cluster for all search-time functionality, but inputs should be configured on a forwarder to avoid duplicate data collection.
** Add-ons that use credential management can be installed on a search head cluster only in one of these circumstances:
- You are using Splunk platform 6.3.X or later.
- You are using Splunk platform 6.2.X, and the credentials are not required on the search heads. If credentials are required only for data collection, set up a forwarder to handle the inputs and configure the credentials on that node. Some add-ons do require the search heads to communicate directly with a third-party system using stored credentials. These add-ons are not supported on search head clusters in 6.2.X.
Installation and configuration overview for the Splunk Add-on for Cisco ASA
Install the Splunk Add-on for Cisco ASA on to your Splunk Cloud deployment
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released