Deploy the Splunk Add-on for Splunk UBA
Determine where and how to install this add-on in your distributed deployment using the information on this page.
Where to install this add-on
Depending on your environment, your preferences, and the requirements of the add-on, you might need to install the add-on in multiple places.
To deploy it alongside Splunk Enterprise Security, see Deploy add-ons to Splunk Enterprise Security in the Splunk Enterprise Security Installation and Upgrade Manual.
|Splunk instance type||Supported||Required||Comments|
|Search Heads||Yes||Yes||This add-on is installed on the search head when you install Enterprise Security.|
|Indexers||Yes||Yes||This add-on includes two indexes and index-time configurations.|
|Heavy Forwarders||Yes||No||All forwarder types are supported.|
|Universal Forwarders||Yes||No||All forwarder types are supported.|
Distributed deployment feature compatibility
This table describes the compatibility of this add-on with Splunk distributed deployment features.
|Distributed deployment feature||Supported||Details|
|Search Head Clusters||Yes||Changes made during setup must be manually deployed.|
|Indexer Clusters||Yes||This add-on contains indexes.|
|Deployment Server||Yes||Supported for deploying the configured add-on to multiple nodes.|
Requirements for using the Splunk Add-on for Splunk UBA
Integrate Splunk ES and Splunk UBA with the Splunk Add-on for Splunk UBA
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 220.127.116.11, 5.0.5, 18.104.22.168