Splunk® App for PCI Compliance

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk® App for PCI Compliance. For documentation on the most recent version, go to the latest release.

Install the Splunk App for PCI Compliance

Before you install the app, make sure you have satisfied the install prerequisites for both Splunk Enterprise and the Splunk App for PCI Compliance. See Install prerequisites in this manual.

Download the app

  1. Browse to splunk.com and log in with your Splunk.com ID. You must be a licensed Splunk App for PCI Compliance customer to download the product.
  2. Download the Splunk App for PCI Compliance from Splunkbase.
    1. If you have Splunk Enterprise Security installed, install the Splunk App for PCI Compliance (for Splunk Enterprise Security).
    2. If you do not have Splunk Enterprise Security installed, install the Splunk App for PCI Compliance (for Splunk Enterprise).
  3. Choose Download, and save the app file to your desktop.
  4. Log in to the search head as an administrator.

Install the app

The installer is bigger than the default upload limit for Splunk Web.

  1. Increase the Splunk Web upload limit by creating a file called $SPLUNK_HOME/etc/system/local/web.conf with the following stanza.
    [settings]
    max_upload_size = 1024
  2. To restart Splunk from the Splunk toolbar, select Settings > Server controls and click Restart Splunk.
  3. On the Splunk Enterprise search page, select Apps > Manage Apps and click Install App from File.
    Caution: Install the Splunk App for PCI Compliance (for Splunk Enterprise Security) on the same instance as Splunk Enterprise Security. If you do not install it on the same instance as Splunk Enterprise Security, the Splunk App for PCI Compliance (for Splunk Enterprise Security) will not work.
  4. Select Choose File and browse to the Splunk App for PCI Compliance product file.
  5. Select Upload to begin the installation.
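Step 1 of this procedure describes creating web.conf from scratch; on a search head that already has a local web.conf, the value has to be merged into the existing [settings] stanza so other local settings are kept. The following is an added example, not part of the Splunk manual or Splunk tooling, and the function name set_max_upload_size is hypothetical:

```shell
#!/bin/sh
# Added example (not from the Splunk manual). Sets max_upload_size in the
# [settings] stanza of a web.conf while keeping every other line intact.
# Usage (path is the one given in step 1):
#   set_max_upload_size "$SPLUNK_HOME/etc/system/local/web.conf" 1024

set_max_upload_size() {
    conf=$1    # path to web.conf
    size=$2    # new limit; the manual uses 1024

    # Accept digits only, so nothing else can be written into the file.
    case $size in
        ''|*[!0-9]*) echo "size must be a whole number" >&2; return 2 ;;
    esac

    [ -f "$conf" ] || : > "$conf"           # create the file if it is absent
    tmp=$(mktemp "${conf}.XXXXXX") || return 1

    awk -v size="$size" '
        function emit() { print "max_upload_size = " size; done = 1 }
        /^[ \t]*\[/ {
            # Leaving [settings] without having seen the key: add it here.
            if (in_settings && !done) emit()
            in_settings = ($0 ~ /^[ \t]*\[settings\][ \t]*$/)
        }
        in_settings && /^[ \t]*max_upload_size[ \t]*=/ {
            # Replace the first occurrence, drop any later duplicates.
            if (!done) emit()
            next
        }
        { print }
        END {
            if (!done) {
                # No [settings] stanza anywhere in the file: append one.
                if (!in_settings) print "[settings]"
                emit()
            }
        }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write back through the original file so its owner and mode are kept.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}
```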

Set up the app

When the installation is successful, you're prompted to set up the app now or later.

  1. Click Set up now.
  2. (Optional) Choose whether to disable or exclude technology add-ons from installation.
  3. Click Start Configuration Process, then wait until the entire installation completes.
  4. Click Restart Splunk to restart your instance of Splunk platform.
  5. Access Splunk Web over HTTPS and log in.

Add data

You can add data to the Splunk App for PCI Compliance in two ways.

  • Use data from preconfigured add-ons such as TA-bluecoat.
  • Create custom add-ons to capture specific data in your environment.

Configure the app

To configure the app, click Configure in the menu bar. Follow the Steps to configure in this manual to begin setting up the Splunk App for PCI Compliance for your cardholder data environment.

Last modified on 11 August, 2020

This documentation applies to the following versions of Splunk® App for PCI Compliance: 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.3.0, 4.4.0, 4.4.1, 4.5.0 Cloud only, 4.6.0, 4.6.2

