About installing Splunk add-ons
Use this guide to install any Splunk-supported add-on to your Splunk platform. Also be sure to consult the specific installation instructions for an individual add-on if they are available.
Before you install an add-on
- Find the add-on that you want on Splunkbase.
- Read the documentation to verify that the add-on satisfies your use case and works for the version of software that you are using.
- Verify that your hardware and software meet the specific requirements specified in the documentation for the add-on.
- See the installation overview in the documentation for the add-on to familiarize yourself with the configuration steps necessary on the vendor software side and within your Splunk platform.
- See the installation instructions for the specific add-on to determine where you must install the add-on and to review additional requirements that might affect your installation.
Download the add-on and install it on your Splunk platform, following the guide that matches your deployment scenario:
- Install an add-on in a single-server Splunk Enterprise
- Install an add-on in a distributed Splunk Enterprise
- Install an add-on in Splunk Cloud
- Install an add-on in Splunk Light
If you have questions about on what tiers of your Splunk platform architecture you must install a particular add-on and why, see Where to install Splunk add-ons. However, unless otherwise stated, you can safely install Splunk-supported add-ons to all tiers of your Splunk platform deployment without causing any problems.
Special considerations for using a deployment server to install an add-on
You can use the deployment server to install an add-on to your forwarders only if the add-on supports deployment servers for data collection nodes. Check the deployment instructions for each individual add-on to verify whether deployment servers are supported.
If the add-on uses modular or scripted inputs to collect data from remote sources, using a deployment server to deploy the configured add-on to multiple forwarders acting as data collectors causes duplication of data. This limitation applies to third-party deployment solutions as well as the deployment server.
You can safely use a deployment server to deploy unconfigured add-ons.
For more information about using a deployment server, see About deployment server and forwarder management in the Splunk Enterprise documentation.
Special considerations for using add-ons on search head clusters
Unless otherwise noted, add-ons are supported on search head clusters for search-time functionality, but not for data collection. To avoid creating duplicate inputs, do not configure inputs in a search head cluster.
Some add-ons require you to configure credentials and other settings on your search heads. For example, if the add-on includes workflow actions or search commands that require the search head to authenticate with the third-party technology, you must provide those credentials on your search heads. Configuring credentials on a search head cluster is supported for Splunk platform version 6.3 and later but not for previous versions.
If any step in your add-on configuration requires you to access a Setup page on a search head cluster node, click Settings > Show All Settings so that you can see the Setup link on your search head cluster node.
Summary of limitations
|Can install manually on||Can install with a
deployment server on
|Can install on a|
Search Head Cluster
|Add-on collects remote data via modular or scripted input||Yes||Yes||Yes||Yes||No||See notes*|
|Add-on uses credential management||Yes||Yes||Yes||Yes||No||See notes**|
* You can install add-ons on a search head cluster for all search-time functionality, but inputs should be configured on a forwarder to avoid duplicate data collection.
** Add-ons that use credential management can be installed on a search head cluster only in one of these circumstances:
- You are using Splunk platform 6.3.X or later.
- You are using Splunk platform 6.2.X, and the credentials are not required on the search heads. If credentials are required only for data collection, set up a forwarder to handle the inputs and configure the credentials on that node. Some add-ons do require the search heads to communicate directly with a third-party system using stored credentials. These add-ons are not supported on search head clusters in 6.2.X.
Support and resource links for add-ons
Where to install Splunk add-ons
This documentation applies to the following versions of Splunk® Supported Add-ons: released