Splunk® Enterprise

Add McAfee data: Distributed deployment with indexer clustering

Acrobat logo Download manual as PDF


Splunk Enterprise version 8.0 is no longer supported as of October 22, 2021. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
This documentation does not apply to the most recent version of Splunk® Enterprise. For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

Install the Splunk Add-on for McAfee on your search heads

To install the Splunk Add-on for McAfee that does not run inputs on search heads in a Splunk Enterprise deployment, download the add-on from Splunkbase and then complete the following steps:

  1. From the Splunk Web home screen, click the gear icon next to Apps.
  2. Click Install app from file.
  3. Locate the downloaded file and click Upload.
  4. If Splunk Enterprise prompts you to restart, do so.
  5. From the Splunk Web home screen, click the gear icon next to Apps.
  6. Find the add-on and click Edit properties.
  7. Change Visible to No.

You can verify your installation was successful by finding the Splunk Add-on for McAfee at $SPLUNK_HOME/etc/apps/Splunk_TA_mcafee.

Last modified on 27 August, 2021
PREVIOUS
Install the Splunk Add-on for McAfee onto your heavy forwarder
  NEXT
Install the Add-on for McAfee onto your search head cluster

This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters