Splunk® Enterprise

Add McAfee data: Splunk Cloud

Acrobat logo Download manual as PDF

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.
Acrobat logo Download topic as PDF

Install DB Connect on your heavy forwarder

To get data from your McAfee ePO database into your Splunk deployment, first install the latest version of Splunk DB Connect on a heavy forwarder. Splunk DB Connect is the best solution for working with databases from Splunk.

To deploy Splunk DB Connect, verify that you have the following:

  • Splunk Enterprise 6.4.0 or later.
  • An enabled Java Platform and a Java Runtime Environment (JRE) 8 from Java Platform, Standard Edition.
  • A supported database running locally or elsewhere on your network.

Next, begin the DB Connect installation process:

  1. Download Splunk DB Connect.
  2. On the Splunk Web home page, click the gear icon next to Apps in the left sidebar.
    1. Click Install app from file.
    2. Navigate to the package that you downloaded splunk_app_db_connect.tgz.
    3. Click Upload.
    4. Restart the Splunk software.
  3. Launch Splunk DB Connect.
Last modified on 07 December, 2018
Install a heavy forwarder
Install the Splunk Add-on for McAfee on the heavy forwarder

This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters