Splunk® Supported Add-ons

Splunk Add-ons

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

About installing Splunk add-ons

Use this guide to install any Splunk-supported add-on to your Splunk platform. Also be sure to consult the specific installation instructions for an individual add-on if they are available.

Before you install an add-on

  1. Find the add-on that you want on Splunkbase.
  2. Read the documentation to verify that the add-on satisfies your use case and works for the version of software that you are using.
  3. Verify that your hardware and software meet the specific requirements specified in the documentation for the add-on.
  4. See the installation overview in the documentation for the add-on to familiarize yourself with the configuration steps necessary on the vendor software side and within your Splunk platform.
  5. See the installation instructions for the specific add-on to determine where you must install the add-on and to review additional requirements that might affect your installation.

Installation instructions

Download the add-on and install it on your Splunk platform, following the guide that matches your deployment scenario:

If you have questions about on what tiers of your Splunk platform architecture you must install a particular add-on and why, see Where to install Splunk add-ons. However, unless otherwise stated, you can safely install Splunk-supported add-ons to all tiers of your Splunk platform deployment without causing any problems.

Special considerations for using a deployment server to install an add-on

You can use the deployment server to install an add-on to your forwarders only if the add-on supports deployment servers for data collection nodes. Check the deployment instructions for each individual add-on to verify whether deployment servers are supported.

If the add-on uses modular or scripted inputs to collect data from remote sources, using a deployment server to deploy the configured add-on to multiple forwarders acting as data collectors causes duplication of data. This limitation applies to third-party deployment solutions as well as the deployment server.

You can safely use a deployment server to deploy unconfigured add-ons.

For more information about using a deployment server, see About deployment server and forwarder management in the Splunk Enterprise documentation.

Special considerations for using add-ons on search head clusters

Unless otherwise noted, add-ons are supported on search head clusters for search-time functionality, but not for data collection. To avoid creating duplicate inputs, do not configure inputs in a search head cluster.

Some add-ons require you to configure credentials and other settings on your search heads. For example, if the add-on includes workflow actions or search commands that require the search head to authenticate with the third-party technology, you must provide those credentials on your search heads. Configuring credentials on a search head cluster is supported for Splunk platform version 6.3 and later but not for previous versions.

If any step in your add-on configuration requires you to access a Setup page on a search head cluster node, click Settings > Show All Settings so that you can see the Setup link on your search head cluster node.

Summary of limitations

Can install manually on Can install with a
deployment server on
Can install on a
Search Head Cluster
Search heads Indexers Forwarders Indexers Forwarders
Add-on collects remote data via modular or scripted input Yes Yes Yes Yes No See notes*
Add-on uses credential management Yes Yes Yes Yes No See notes**

* You can install add-ons on a search head cluster for all search-time functionality, but inputs should be configured on a forwarder to avoid duplicate data collection.

** Add-ons that use credential management can be installed on a search head cluster only in one of these circumstances:

  • You are using Splunk platform 6.3.X or later.
  • You are using Splunk platform 6.2.X, and the credentials are not required on the search heads. If credentials are required only for data collection, set up a forwarder to handle the inputs and configure the credentials on that node. Some add-ons do require the search heads to communicate directly with a third-party system using stored credentials. These add-ons are not supported on search head clusters in 6.2.X.
Last modified on 21 July, 2021
PREVIOUS
Support and resource links for add-ons
  NEXT
Where to install Splunk add-ons

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters