Splunk® Enterprise

Add McAfee data: Single instance

Download manual as PDF

Download topic as PDF

Install the Splunk Add-on for McAfee in a single-instance Splunk Enterprise deployment

In a single-instance Splunk Enterprise deployment, your Splunk Enterprise instance serves as a receiver, an indexer, and a search head.

To install the Splunk Add-on for McAfee, complete the following steps:

  1. Download the Splunk Add-on for McAfee from Splunkbase.
  2. From the Splunk Web home screen, click the gear icon next to Apps.
  3. Click Install app from file.
  4. Locate the downloaded file and click Upload.
  5. Restart the Splunk platform.
  6. You can verify that your installation succeeded by finding the Splunk add-on for McAfee at SPLUNK_HOME/etc/apps/Splunk_TA_mcafee.
Install the Splunk Add-on for McAfee on the heavy forwarder
Configure Splunk DB Connect v3.1 inputs for the Splunk Add-on for McAfee

This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.3.0, 7.3.1, 7.3.2, 8.0.0

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters