Install DB Connect on your heavy forwarder
To get data from your McAfee ePO database into your Splunk deployment, first install the latest version of Splunk DB Connect on a heavy forwarder. Splunk DB Connect is the best solution for working with databases from Splunk.
To deploy Splunk DB Connect, verify that you have the following:
- Splunk Enterprise 6.4.0 or later.
- An enabled Java Platform and a Java Runtime Environment (JRE) 8 from Java Platform, Standard Edition.
- A supported database running locally or elsewhere on your network.
Next, begin the DB Connect installation process:
- Download Splunk DB Connect.
- On the Splunk Web home page, click the gear icon next to Apps in the left sidebar.
- Click Install app from file.
- Navigate to the package that you downloaded
- Click Upload.
- Restart the Splunk software.
- Launch Splunk DB Connect.
Install a heavy forwarder
Install the Splunk Add-on for McAfee on the heavy forwarder
This documentation applies to the following versions of Splunk Cloud™: 8.1.2008, 7.2.7, 7.2.4, 7.2.6, 7.2.8, 7.2.9, 7.2.10, 8.0.2001, 8.0.2003, 8.0.2004, 8.0.2006, 8.0.2007