Splunk® Supported Add-ons

Splunk Add-on for CrowdStrike FDR

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Hardware and software requirements for the Splunk Add-in for CrowdStrike FDR

The modular input for Splunk Add-on for CrowdStrike FDR must be installed on a heavy forwarder, Inputs Data Manager (IDM), or search head. This lets you collect data and push it to a Splunk index.

For Splunk Enterprise Victoria, modular inputs are installed and running at the search heads. These modular inputs by default are configured with run_only_one = false, which tells the Victoria stack to run each created input at every search head host of the cluster

Splunk platform requirements

Because this add-on runs on the Splunk platform, the system requirements also apply for the Splunk software on which you install the Splunk Add-on for Crowdstrike FDR.

  • For Splunk Enterprise system requirements: see System Requirements in the Splunk Enterprise Installation Manual.
  • If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.
  • If you are using an IDM see Install an add-on in Splunk Cloud
Last modified on 14 December, 2023
About the Splunk Add-on for CrowdStrike
Installation and configuration overview for the Splunk Add-on for Crowdstrike FDR

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters