Splunk® Supported Add-ons

Splunk Add-on for Symantec DLP

Download manual as PDF

Download topic as PDF

Install the Splunk Add-on for Symantec DLP

Use the tables below to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise. See the installation walkthrough section at the bottom for links to installation instructions specific to a single-instance deployment, distributed deployment, Splunk Cloud, or Splunk Light.

Distributed installation of this add-on

This table provides a quick reference for installing this add-on to a distributed deployment of Splunk Enterprise.

Splunk instance type Supported Required Comments
Search Heads Yes Yes Install this add-on to all search heads where Symantec DLP knowledge management is required.
Indexers Yes No Not required, because this add-on does not include any index-time operations.
Heavy Forwarders Yes No Any kind of forwarder can be used. Forwarder needs to be installed directly on the Symantec DLP server for file monitoring*. If listening over a network port, forwarder does not need to be installed directly on the Symantec DLP server.
Universal Forwarders Yes No Any kind of forwarder can be used. Forwarder needs to be installed directly on the Symantec DLP server for file monitoring*. If listening over a network port, forwarder does not need to be installed directly on the Symantec DLP server.
Light Forwarders Yes No Any kind of forwarder can be used. Forwarder needs to be installed directly on the Symantec DLP server for file monitoring*. If listening over a network port, forwarder does not need to be installed directly on the Symantec DLP server.

*When using a file monitor input, the syslog file can be copied to the machine where the forwarder is installed as an alternative to installing the forwarder on the Symantec DLP server.

Distributed deployment compatibility

This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes You can install this add-on on a search head cluster for all search-time functionality.
Before installing this add-on to a cluster, remove the eventgen.conf file and all files in the Samples folder.
Indexer Clusters Yes Before installing this add-on to a cluster, remove the eventgen.conf file and all files in the Samples folder.
Deployment Server Yes Supported for deploying the configured add-on.

Installation walkthrough

See Installing add-ons in Splunk Add-Ons for detailed instructions describing how to install a Splunk add-on in the following deployment scenarios:

Last modified on 28 January, 2016
PREVIOUS
Installation overview for the Splunk Add-on for Symantec DLP
  NEXT
Configure Symantec DLP to send syslog data

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters