Install the app manually
You can manually install the Splunk App for PCI Compliance. To install the app using the PCI Install App, see Install the Splunk App for PCI Compliance in this manual.
Before you install the app, make sure you have satisfied the install prerequisites for both Splunk Enterprise and the Splunk App for PCI compliance.
Step 1. Download the app and unzip the files
Download the PCI Installer App (
SplunkPCIComplianceSuiteInstaller.spl) from Splunkbase. You can un-archive this file to retrieve the Splunk App for PCI Compliance contents inside it.
You can un-archive the file using the Unix '
tar' command or using an archive utility that handles
.tar filetypes. The
spl file extracts to the PCI install App folder "SplunkPCIComplianceSuiteInstaller."
The actual PCI App contents are contained under:
Unzip these Splunk App for PCI Compliance files into a local temporary directory (
Step 2. Install the app
If your Splunk instance is currently running, ensure that it is stopped before proceeding.
Copy files from the
<temp-dir> into your
$SPLUNK_HOME/ directories. In the
<temp-dir>, find the following sub-directories and copy them as indicated:
- For apps: Copy the SplunkPCIComplianceSuite, DA-PCI-*, SA-* and selected Technology Add-ons from
- For deployment-apps: You can either copy over the entire contents of
$SPLUNK_HOME/etc/deployment-apps, or select only the deployment apps you use in your environment.
Apps are the domain add-ons, supporting add-ons, technology add-ons, and the other parts of the Splunk App for PCI Compliance solution.
A deployment app is a set of deployment content, including configuration files, deployed as a unit to clients of a server class. A deployment app might consist of a single configuration file, or it can consist of many files.
After installing, the deployment apps can be found at
Step 3. Start Splunk Enterprise
After you copy the contents of
<temp-dir>/etc/deployment-apps, start your configured version of Splunk Enterprise.
Open a web browser, navigate to Splunk Web (
https://localhost:8000), and log in. The first time you log in, the user name is
admin and the password is
Note: The Splunk App for PCI Compliance enables SSL, so you need to change the protocol in your web browser to "HTTPS" (for example,
Step 4. Set up the app
Click the Splunk Home tab in Splunk Web.
Click Setup next to PCI Compliance. Verify the settings on the Splunk App for PCI Compliance Setup page.
Click Save. You must restart Splunk Enterprise for the configuration changes to be applied.
If you click PCI Compliance without clicking Setup first, the App configuration message appears.
Click Continue to app setup page to go to the PCI Compliance Setup page. Verify the settings and click Save.
On the Splunk Web Home page, click PCI Compliance.
Step 5. Add data
With the Splunk App for PCI Compliance installed, review the options for how to get the data in:
- You can use data from pre-configured technology add-ons (for example TA-bluecoat). See "Using technology add-ons" in this manual for information on using pre-configured technology add-ons supplied by Splunk software.
- You can also create your own custom technology add-ons to capture specific data in your environment. See the Data Source Integration Manual for information on building your own Technology Add-on.
See "Data management overview" in this manual for more information.
Note: For testing, the sample PCI data generated by the SA-Eventgen add-on can be used. The SA-Eventgen can be enabled by setting
inputs.conf file or by going to Manager > Apps. Click Enable next to the app.
Step 6. Configure the app
To configure the app, click Configure in the menu bar from anywhere in the app.
Click App Settings to begin configuring the app. See "Steps to configure" in this manual to begin setting up the Splunk App for PCI Compliance for your cardholder data environment.
Install the Splunk App for PCI Compliance
Install technology add-ons
This documentation applies to the following versions of Splunk® App for PCI Compliance: 2.1.1