Splunk® Supported Add-ons

Splunk Add-on for McAfee ePO Syslog

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Install the Splunk Add-on for McAfee ePO Syslog

  1. Download the Splunk Add-on for McAfee ePO Syslog at Splunk Add-on for McAfee ePO Syslog from Splunkbase.
  2. Determine where and how to install this add-on in your deployment, using the tables on this page.
  3. Perform any prerequisite steps before installing, if required and specified in the tables below.
  4. Complete your installation.

If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthroughs section at the bottom of this page for links to installation instructions specific to Splunk Cloud, distributed deployment, or a single-instance deployment.

Distributed deployment

Use the tables in this topic to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.

Where to install this add-on

In a distributed deployment, this add-on must be deployed to all tiers in order to use all functionality. See Where to install Splunk add-ons in Splunk Add-ons for more information.

This table provides a reference for installing this specific add-on to a distributed deployment of the Splunk platform.

Splunk platform instance type Supported Required Actions required / Comments
Search Heads Yes Yes Install this add-on to all search heads where McAfee ePO Syslog knowledge management is required.
Indexers Yes No The add-on must be installed on indexers if you use universal or light forwarders for data collection.
Heavy Forwarders Yes Yes If you are using a Heavy forwarder, you must install McAfee ePO Syslog.
Universal Forwarders Yes See comments Supported for syslog inputs only.

Distributed deployment feature compatibility

This table describes the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Actions required / Comments
Search Head Clusters Yes In a distributed deployment, this add-on must be deployed to these tiers in order for all functionality included in the add-on to work.
Indexer Clusters Yes In a distributed deployment, this add-on must be deployed to these tiers in order for all functionality included in the add-on to work.
Deployment Server Yes In a distributed deployment, this add-on must be deployed to these tiers in order for all functionality included in the add-on to work.

Installation walkthroughs

The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.

For a walkthrough of the installation procedure, follow the link that matches your deployment scenario:

Last modified on 06 September, 2022
PREVIOUS
Hardware and software requirements for the Splunk Add-on for McAfee ePO Syslog
  NEXT
Configure inputs using TCP or UDP

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters