Deploy the Splunk Add-on for Splunk UBA
Determine where and how to install this add-on in your distributed deployment using the information on this page.
The Splunk Add-on for UBA is not available for download on Splunkbase. The add-on is installed by default with Splunk Enterprise Security (ES). See How do I obtain the Splunk Add-on for Splunk UBA?
Where to install this add-on
Depending on your environment, your preferences, and the requirements of the add-on, you might need to install the add-on in multiple places.
To deploy it alongside Splunk Enterprise Security, see Deploy add-ons to Splunk Enterprise Security in the Splunk Enterprise Security Installation and Upgrade Manual.
| Splunk instance type | Supported | Required | Comments |
|---|---|---|---|
| Search Heads | Yes | Yes | This add-on is installed on the search head when you install Enterprise Security. |
| Indexers | Yes | Yes | This add-on includes two indexes and index-time configurations. |
| Heavy Forwarders | Yes | No | All forwarder types are supported. |
| Universal Forwarders | Yes | No | All forwarder types are supported. |
Distributed deployment feature compatibility
This table describes the compatibility of this add-on with Splunk distributed deployment features.
| Distributed deployment feature | Supported | Details |
|---|---|---|
| Search Head Clusters | Yes | Changes made during setup must be manually deployed. |
| Indexer Clusters | Yes | This add-on contains indexes. |
| Deployment Server | Yes | Supported for deploying the configured add-on to multiple nodes. |
| Requirements for using the Splunk Add-on for Splunk UBA | Integrate Splunk ES and Splunk UBA with the Splunk Add-on for Splunk UBA |
This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1, 5.1.0, 5.1.0.1, 5.2.0, 5.2.1, 5.3.0, 5.4.0, 5.4.1
Download manual
Feedback submitted, thanks!