Install the Splunk Add-on for Symantec Endpoint Protection onto your forwarders
You can download the Splunk Add-on for Symantec Endpoint Protection from Splunkbase.
To install an add-on onto universal forwarders in a distributed Splunk Enterprise deployment, complete the following steps:
- Untar the add-on.
- Place the resulting Splunk_TA_<add-on_name> folder in the $SPLUNK_HOME/etc/apps directory on your forwarder.
- Restart the universal forwarder:
  - Linux: ./splunk restart
  - Windows: .\splunk restart
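The steps above for a Linux forwarder, as an added example that is not part of the Splunk documentation: it lists the archive first and refuses to unpack it if any member path is absolute or contains "..", or if the archive does not hold exactly one Splunk_TA_<add-on_name> folder. The function names addon_top_dir and install_addon are hypothetical.

```shell
#!/bin/sh
# Added example (not Splunk's code). Function names are hypothetical.

# Print the single top-level folder of an add-on archive.
# Fails on absolute paths, ".." components, more than one top-level
# entry, or a folder that is not named Splunk_TA_<add-on_name>.
addon_top_dir() {
    listing=$(tar -tzf "$1") || return 1
    if printf '%s\n' "$listing" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $1" >&2
        return 1
    fi
    tops=$(printf '%s\n' "$listing" | sed 's|^\./||' | cut -d/ -f1 |
        grep -v '^$' | sort -u)
    count=$(printf '%s\n' "$tops" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "expected one top-level folder, found $count" >&2
        return 1
    fi
    case $tops in
        Splunk_TA_?*) printf '%s\n' "$tops" ;;
        *) echo "unexpected folder name: $tops" >&2; return 1 ;;
    esac
}

# Unpack a validated archive into $SPLUNK_HOME/etc/apps and print
# the installed folder. $1 is the archive, $2 the forwarder's SPLUNK_HOME.
install_addon() {
    apps_dir="$2/etc/apps"
    if [ ! -d "$apps_dir" ]; then
        echo "no apps directory at $apps_dir" >&2
        return 1
    fi
    top=$(addon_top_dir "$1") || return 1
    tar -xzf "$1" -C "$apps_dir" || return 1
    printf '%s\n' "$apps_dir/$top"
}

# Usage on a Linux forwarder (the archive path is a placeholder):
#   install_addon /tmp/<add-on archive>.tgz "$SPLUNK_HOME" && \
#       "$SPLUNK_HOME/bin/splunk" restart
```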
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10