Splunk® User Behavior Analytics

Install and Upgrade Splunk User Behavior Analytics

This documentation does not apply to the most recent version of Splunk® User Behavior Analytics. For documentation on the most recent version, go to the latest release.

Splunk UBA installation checklist

Install Splunk UBA with assistance from Splunk Professional Services.

Checklist of tasks to install Splunk UBA

Use this checklist if you are a new Splunk UBA customer installing a Splunk UBA platform release for the first time. See About Splunk User Behavior Analytics and release types for information about how to determine if your Splunk UBA release is a platform release.

If you are an existing customer and want to upgrade to a more recent version of Splunk UBA, see How to install or upgrade to this release of Splunk UBA for upgrade instructions.

Perform all tasks in the table in the order that they are listed.

Number Task Description Documentation
1 Review known issues Review the known issues reported in this Splunk UBA release. See Known issues in Splunk UBA.
2 Verify sizing You can install Splunk UBA in a single-server deployment or in a distributed deployment. All servers must meet the system requirements. Verify that the planned architecture of the system meets the requirements for the desired EPS and number of accounts, devices, and data sources. See Plan and scale your Splunk UBA deployment.
3 Verify hardware requirements Verify hardware requirements such as the minimum IOPS of the storage subsystem, and the disk space and RAM on all nodes. See Hardware requirements.
4 Verify operating system requirements Verify that your system is running a supported operating system. Automatic OS updating must be turned off on all nodes. See Operating system requirements.
5 Verify permissions Verify that you are able to log in to each node and that root account permissions exist. See User access requirements.
6 Verify networking requirements Verify networking requirements such as node connectivity, port availability, IP address assignments, and DNS configuration. See Networking requirements.
7 Configure host name lookup and DNS Configure the host name lookup and DNS settings in your environment so that all Splunk UBA nodes can communicate with each other. See Configure host name lookup and DNS.
8 Verify Splunk platform user account requirements A properly configured Splunk user account is required to send data from the Splunk platform to Splunk UBA. See Requirements for connecting to and getting data from the Splunk platform.
9 Install Splunk UBA Perform any remaining platform-specific tasks that are needed, and then download and install the Splunk UBA software and perform the installation.

Splunk UBA 5.0.0 requires files from the Splunk UBA 5.0.4 installation package in order to complete the installation on RHEL, OEL, or CentOS 7.8 or later. Follow the installation instructions carefully and make sure you do not skip the steps to obtain and extract files from the Splunk UBA 5.0.4 installation package. At the end of the installation, you will be running Splunk UBA 5.0.0. You can then upgrade to the appropriate Splunk UBA version.

 See Install Splunk User Behavior Analytics.
10 Verify the installation Open a supported web browser and log in to the public IP address with admin credentials to confirm a successful installation. See Verify successful installation.

Next steps after installing Splunk UBA

Perform the tasks summarized in the table after Splunk UBA is successfully installed.

Number Task Description Documentation
1 Secure the default account Change the password for the default admin account, and optionally restrict sudo access. See Secure the default account after installing Splunk UBA.
2 Configure Splunk UBA Perform additional tasks to configure Splunk UBA:
  1. Perform the tasks in Configure Splunk UBA.
  2. Upload a license file. See License Splunk UBA.
  3. Manage your Splunk UBA certificates. See Request and add a new certificate to Splunk UBA to access the Splunk UBA web interface.
3 Administer Splunk UBA Administer user accounts and monitor the health of your deployment.
  1. Configure user accounts and authentication. See Manage user accounts and account roles in Splunk UBA in the Administer Splunk User Behavior Analytics manual.
  2. Verify that Splunk UBA is running normally. See Monitor the health of your Splunk UBA deployment in the Administer Splunk User Behavior Analytics manual.
4 Add data to Splunk UBA After Splunk UBA is installed and configured, add human resources (HR) data and assets data from the Splunk platform as your first data sources. See Which data sources do I need? in the Get Data into Splunk User Behavior Analytics manual.
Last modified on 22 September, 2021
How to install or upgrade to this release of Splunk UBA   Plan and scale your Splunk UBA deployment

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters