Splunk® User Behavior Analytics

Install and Upgrade Splunk User Behavior Analytics

Obtain a Splunk license for ingesting Splunk UBA logs

Splunk UBA logs sent to Splunk Enterprise have a sourcetype of uba:*. A new Splunk license allows Splunk UBA logs to be ingested free of charge, up to 150GB per day. You can specify a new custom index to use instead of potentially overloading the default _internal index. Once the Splunk UBA logs are ingested by Splunk Enterprise, they can be used by the Splunk UBA Monitoring App. See About the Splunk UBA Monitoring app in the Splunk UBA Monitoring App manual.

Perform the following tasks to request and obtain the license:

  1. Begin by Contacting Splunk Support to request the new license. Specify the following:
    • Product: Splunk Enterprise
    • Area: Entitlement & Licensing
    • Feature: Licensing
    • Subject: Splunk Enterprise license for ingesting Splunk_UBA_logs
    • Description: Requesting license on Splunk Enterprise to ingest Splunk UBA Logs.
  2. Install the license on Splunk Enterprise. See Install a license in the Splunk Enterprise Installation manual.
  3. See Send Splunk UBA logs to a custom index on Splunk Enterprise.
Last modified on 26 October, 2020
License Splunk UBA   Request and add a new certificate to Splunk UBA to access the Splunk UBA web interface

This documentation applies to the following versions of Splunk® User Behavior Analytics: 5.0.3, 5.0.4, 5.0.4.1, 5.0.5, 5.0.5.1, 5.1.0, 5.1.0.1, 5.2.0, 5.2.1, 5.3.0, 5.4.0, 5.4.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters