Splunk Enterprise version 8.0 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise.
For documentation on the most recent version, go to the latest release.
Install DB Connect on your heavy forwarder
To get data from your McAfee ePO database into your Splunk deployment, first install the latest version of Splunk DB Connect on a heavy forwarder. Splunk DB Connect is the best solution for working with databases from Splunk.
To deploy Splunk DB Connect, verify that you have the following:
- Splunk Enterprise 6.4.0 or later.
- An enabled Java Platform and a Java Runtime Environment (JRE) 8 from Java Platform, Standard Edition.
- A supported database running locally or elsewhere on your network.
Next, begin the DB Connect installation process:
- Download Splunk DB Connect.
- On the Splunk Web home page, click the gear icon next to Apps in the left sidebar.
- Click Install app from file.
- Navigate to the package that you downloaded
splunk_app_db_connect.tgz. - Click Upload.
- Restart the Splunk software.
- Launch Splunk DB Connect.
Last modified on 07 December, 2018
| Install a heavy forwarder | Install the Splunk Add-on for McAfee on the heavy forwarder |
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10
Download manual
Feedback submitted, thanks!