Install the Splunk Add-on for Symantec Endpoint Protection onto your forwarders
Install the Splunk Add-on for Symantec Endpoint Protection onto your Splunk Cloud deployment's forwarder.
Prepare the Splunk Add-on package for installation
Before you deploy the Splunk Add-on, modify the add-on package:
- Remove the eventgen.conf files.
- Remove all files in the samples folder.
- Remove the inputs.conf file.
- Remove the inputs.conf.spec file.
Install the add-on on your forwarders
- Download the add-on from Splunkbase.
- Extract the add-on.
- Place the resulting Splunk_TA_<add-on_name> folder in the $SPLUNK_HOME/etc/apps directory on your heavy forwarder.
- Restart the heavy forwarder using the command splunk restart.
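The preparation and placement steps above as one script, an added example that is not part of the Splunk documentation. The function names and directory arguments are assumptions; it removes the named files wherever they appear in the extracted package, verifies they are gone, and refuses to overwrite an add-on folder that already exists.

```shell
#!/bin/sh
# Added example (not Splunk's own code). Usage, after sourcing this file:
#   install_addon /path/to/extracted/Splunk_TA_<add-on_name> "$SPLUNK_HOME"

# Strip the files the page says to remove before deployment.
prepare_addon() {
    pkg=$1
    [ -d "$pkg" ] || { echo "not a directory: $pkg" >&2; return 2; }

    # eventgen.conf, inputs.conf and inputs.conf.spec, matched by name
    # anywhere under the package (assumption: no copy should survive).
    find "$pkg" -type f \( -name eventgen.conf -o -name inputs.conf \
        -o -name inputs.conf.spec \) -exec rm -f {} +

    # Empty the samples folder but keep the folder itself.
    if [ -d "$pkg/samples" ]; then
        find "$pkg/samples" -mindepth 1 -delete
    fi

    # Verify: fail if anything that should be gone is still present.
    left=$(find "$pkg" -type f \( -name eventgen.conf -o -name inputs.conf \
        -o -name inputs.conf.spec -o -path "$pkg/samples/*" \))
    [ -z "$left" ] || { echo "still present: $left" >&2; return 1; }
}

# Prepare the package, then place it under <splunk_home>/etc/apps.
install_addon() {
    pkg=$1
    splunk_home=$2
    apps="$splunk_home/etc/apps"
    dest="$apps/$(basename "$pkg")"

    [ -d "$apps" ] || { echo "no apps directory: $apps" >&2; return 2; }
    # Refuse to merge into an existing copy, which could keep stale files.
    [ ! -e "$dest" ] || { echo "already installed: $dest" >&2; return 3; }

    prepare_addon "$pkg" || return $?
    cp -R "$pkg" "$apps/" || return 1
    echo "Placed $(basename "$pkg") in $apps; now run: splunk restart"
}
```
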
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10