You need to have familiarity with the Splunk platform in order to install and configure this add-on. If you are new to using Splunk Enterprise or to Splunk Cloud, see the Additional Resources topic in this manual.
Do the following before you install or configure this add-on:
- Make sure you have a Splunk Cloud deployment that is installed, running, and meets the hardware capacity requirements specified in the Splunk Enterprise Capacity Planning manual.
- Make sure you have access to Splunk Web.
- Make sure your user role permits app installation.
Prerequisites for adding Palo Alto Networks data into a Splunk Cloud deployment
For more information about supported data sources, deployment scenarios, and an overview of Guided Data Onboarding, see the Additional resources topic in this manual.
If you want to get Palo Alto Networks data into a Splunk Cloud deployment, you must have the following prerequisites:
- A Splunk Cloud deployment that is installed and running.
- Access to Splunk Web.
- A user role that permits installing apps and add-ons.
Install a syslog server
This documentation applies to the following versions of Splunk® Enterprise: 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8