Install the Splunk Add-on for Symantec DLP
Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise. See the installation walkthrough section at the bottom for links to installation instructions specific to a single-instance deployment, distributed deployment, or Splunk Cloud.
Distributed installation of this add-on
This table provides a quick reference for installing this add-on to a distributed deployment of Splunk Enterprise.
Splunk instance type | Supported | Required | Comments |
---|---|---|---|
Search Heads | Yes | Yes | Install this add-on to all search heads where Symantec DLP knowledge management is required. |
Indexers | Yes | No | Not required, because this add-on does not include any index-time operations. |
Heavy Forwarders | Yes | No | Any kind of forwarder can be used. Forwarder needs to be installed directly on the Symantec DLP server for file monitoring*. If listening over a network port, forwarder does not need to be installed directly on the Symantec DLP server. |
Universal Forwarders | Yes | No | Any kind of forwarder can be used. Forwarder needs to be installed directly on the Symantec DLP server for file monitoring*. If listening over a network port, forwarder does not need to be installed directly on the Symantec DLP server. |
*When using a file monitor input, the syslog file can be copied to the machine where the forwarder is installed as an alternative to installing the forwarder on the Symantec DLP server.
Distributed deployment compatibility
This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.
Distributed deployment feature | Supported | Comments |
---|---|---|
Search Head Clusters | Yes | You can install this add-on on a search head cluster for all search-time functionality. Before installing this add-on to a cluster, remove the eventgen.conf file and all files in the Samples folder.
|
Indexer Clusters | Yes | Before installing this add-on to a cluster, remove the eventgen.conf file and all files in the Samples folder.
|
Deployment Server | Yes | Supported for deploying the configured add-on. |
Installation walkthrough
See Installing add-ons in Splunk Add-Ons for detailed instructions describing how to install a Splunk add-on in the following deployment scenarios:
Installation overview for the Splunk Add-on for Symantec DLP | Configure Symantec DLP to send syslog data |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!