Add-ons

A number of add-ons are provided within the Splunk App for Enterprise Security so that you can start mapping your data right away.

The provided add-ons include:

Find out more about these out-of-the-box add-ons in the Data Source Integration Manual

You can download additional apps from Splunk Apps, provided they are compatible with the Splunk App for Enterprise Security.

Updated add-ons

An add-on used by the Splunk App for Enterprise Security may be updated independent of the Enterprise Security App, and made available on Splunk Apps.

Update the app from within Splunk

To check for a newer version, go to Manage Apps from the Splunk menu. If there is an updated version of an add-on, there will be a link similar to this: 4.6.0|Update to 4.6.3 in the Version column.

1. To update your existing add-on with the newer one, click the link in the version column.

2. A window will confirm that there is an updated version of the add-on. Click Update to get the newer version.

3. You may need to restart Splunk to install the add-on. Click Restart.

Note: You will need to be logged into Splunk.com to download the add-on.

Update the app manually

You can also download the newer add-on directly from Splunk Apps.

1. Go to Splunk Apps and find the new version of the add-on. Download the add-on to your desktop or local directory. For example, download the Splunk for Unix and Linux add-on from Splunk Apps.

2. Install the add-on by navigating to Manage Apps > Install app from file from the Splunk Home page. Browse to the add-on location and select the add-on.

Be sure to select Upgrade app... so that the newer version of the add-on overwrites the older one. Click Upload.

3. You may need to restart Splunk to install the add-on. Click Restart.