Splunk® App for CEF

Deploy and Use Splunk App for CEF

Install the Splunk App for CEF

Use the tables below to determine where and how to install this app in a Splunk platform deployment, then follow the instructions to install the app.

Note: The following instructions refer to the app only. When you use the app to map data to the CEF standard, the app creates the Splunk Add-on for CEF Output, which you must install on your indexers. For instructions on installing the Splunk Add-on for CEF Output, see Install the Splunk Add-on for CEF Output.

Plan your installation

Where to install the app

Use the following table to determine where to install this app in a Splunk platform distributed deployment.

| Splunk instance type | Install here | Comments |
| --- | --- | --- |
| Search Heads | Yes | Install this app on at least one Splunk platform search head. |
| Indexers | No | The app does not contain index-time transformations. The app creates an index that is used only for routing and requires no configuration. |
| Forwarders | No | The app does not contain inputs for forwarder data collection. |

Distributed deployment feature compatibility

Use the following table to check the compatibility of the app with Splunk platform distributed deployment features.

| Distributed deployment feature | Supported | Comments |
| --- | --- | --- |
| Search Head Clusters | Yes | Use the search head cluster deployer to distribute the Splunk App for CEF to search head cluster members. See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search Manual. |
| Indexer Clusters | Yes | The Splunk App for CEF is supported in environments with indexer clusters, but you do not need to deploy the Splunk App for CEF to indexers. |
| Deployment Server | Yes | The app can be installed to unclustered search heads using the deployment server. |

Install the app

Note: The following instructions refer to manual installations to a single search head. If you have a search head cluster, use the search head cluster deployer to distribute the Splunk App for CEF to search head cluster members. For those instructions, see Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search Manual.

Install the app using Splunk Web

  1. Log on to your search head.
  2. From the Splunk Web home view, click the gear icon next to Apps.
  3. Click Browse more apps.
  4. On the Browse more apps page, locate the Splunk App for CEF in the list and click Install.
  5. Provide your splunk.com credentials.
  6. Accept the license terms.
  7. Click Login and Install.
  8. Click Done.

Install the app from a downloaded file

  1. Go to https://splunkbase.splunk.com/app/1847/ and click Download.
  2. Log on to your Splunk search head.
  3. From the Splunk Web home view, click the gear icon next to Apps.
  4. Click Install App from file.
  5. On the Upload app page, click the Choose file button to locate the app.
  6. Click Upload.
  7. Click Done.
Last modified on 23 July, 2018

This documentation applies to the following versions of Splunk® App for CEF: 2.1.0, 2.2.0, 2.3.0

