Install the Splunk Add-on for McAfee ePO Syslog
- Download the Splunk Add-on for McAfee ePO Syslog at Splunk Add-on for McAfee ePO Syslog from Splunkbase.
- Determine where and how to install this add-on in your deployment, using the tables on this page.
- Perform any prerequisite steps before installing, if required and specified in the tables below.
- Complete your installation.
If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthroughs section at the bottom of this page for links to installation instructions specific to Splunk Cloud, distributed deployment, or a single-instance deployment.
Distributed deployment
Use the tables in this topic to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.
Where to install this add-on
In a distributed deployment, this add-on must be deployed to all tiers in order to use all functionality. See Where to install Splunk add-ons in Splunk Add-ons for more information.
This table provides a reference for installing this specific add-on to a distributed deployment of the Splunk platform.
| Splunk platform instance type | Supported | Required | Actions required / Comments |
|---|---|---|---|
| Search Heads | Yes | Yes | Install this add-on to all search heads where McAfee ePO Syslog knowledge management is required. |
| Indexers | Yes | No | The add-on must be installed on indexers if you use universal or light forwarders for data collection. |
| Heavy Forwarders | Yes | Yes | If you are using a Heavy forwarder, you must install McAfee ePO Syslog. |
| Universal Forwarders | Yes | See comments | Supported for syslog inputs only. |
Distributed deployment feature compatibility
This table describes the compatibility of this add-on with Splunk distributed deployment features.
| Distributed deployment feature | Supported | Actions required / Comments |
|---|---|---|
| Search Head Clusters | Yes | In a distributed deployment, this add-on must be deployed to these tiers in order for all functionality included in the add-on to work. |
| Indexer Clusters | Yes | In a distributed deployment, this add-on must be deployed to these tiers in order for all functionality included in the add-on to work. |
| Deployment Server | Yes | In a distributed deployment, this add-on must be deployed to these tiers in order for all functionality included in the add-on to work. |
Installation walkthroughs
The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.
For a walkthrough of the installation procedure, follow the link that matches your deployment scenario:
| Hardware and software requirements for the Splunk Add-on for McAfee ePO Syslog | Configure inputs using TCP or UDP |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!