Install the Splunk App for PCI Compliance
Before you install the app, make sure you have satisfied the install prerequisites for both Splunk Enterprise and the Splunk App for PCI Compliance. See Install prerequisites in this manual.
Download the app
- Browse to splunk.com and log in with your Splunk.com ID. You must be a licensed Splunk App for PCI Compliance customer to download the product.
- Download the Splunk App for PCI Compliance from Splunkbase.
- If you have Splunk Enterprise Security installed, install the Splunk App for PCI Compliance (for Splunk Enterprise Security).
- If you do not have Splunk Enterprise Security installed, install the Splunk App for PCI Compliance (for Splunk Enterprise).
- Choose Download, and save the app file to your desktop.
- Log in to the search head as an administrator.
Install the app
The installer is bigger than the default upload limit for Splunk Web.
- Increase the Splunk Web upload limit by creating a file called
$SPLUNK_HOME/etc/system/local/web.confwith the following stanza.[settings]
max_upload_size = 1024 // increases SplunkWeb upload limit to 1GB
- To restart Splunk from the Splunk toolbar, select Settings > Server controls and click Restart Splunk.
- On the Splunk Enterprise search page, select Apps > Manage Apps and click Install App from File.
Caution: Install the Splunk App for PCI Compliance (for Splunk Enterprise Security) on the same instance as Splunk Enterprise Security. If you do not install it on the same instance as Splunk Enterprise Security, the Splunk App for PCI Compliance (for Splunk Enterprise Security) will not work.
- Select Choose File and browse to the Splunk App for PCI Compliance product file.
- Select Upload to begin the installation.
Set up the App
When the installation is successful, you're prompted to set up the app now or later.
- Click Set up now.
- (Optional) Choose whether to disable or exclude technology add-ons from installation.
- Click Start Configuration Process then wait until it completes the entire installation.
- Click Restart Splunk to restart your instance of Splunk platform.
- Access Splunk Web from https and log in.
You can add data to the Splunk App for PCI compliance in two ways.
- Use data from preconfigured add-ons such as TA-bluecoat.
- Create custom add-ons to capture specific data in your environment.
Configure the app
To configure the app, click Configure in the menu bar. Follow the Steps to configure in this manual to begin setting up the Splunk App for PCI Compliance for your cardholder data environment.
Install technology add-ons
This documentation applies to the following versions of Splunk® App for PCI Compliance: 4.0.0, 4.0.1, 4.1.0