Install the Splunk UBA Kafka Ingestion App
You can download the Splunk UBA Kafka Ingestion App from Splunkbase. To learn more about Splunkbase apps, see Where to get more apps and add-ons in the Splunk Enterprise Admin Manual.
After downloading the Splunk UBA Kafka Ingestion App and verifying the prerequisites, install the app using either Splunk Web or directly from the downloaded file.
The Splunk UBA Kafka Ingestion App must be installed on the Splunk search head.
If your environment includes multiple search heads, install the Splunk UBA Kafka Ingestion App on each search head. If you have a clustered Splunk environment, you can install this app on the search head cluster. See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search manual.
Install the app on Splunk Enterprise using Splunk Web
Perform the following steps to install the Splunk UBA Kafka Ingestion App on Splunk Enterprise using Splunk Web:
- Log in to the Splunk Enterprise search head.
- On the Applications menu, scroll to the bottom and select Find More Apps.
- On the Browse more apps page, locate the app in the list, or type the name in the search box.
- Provide your splunk.com credentials.
- Accept the license terms.
- Click Login and Install.
- Click Done.
- Restart Splunk Enterprise to complete the installation.
Install the app on Splunk Enterprise from a downloaded file
Perform the following steps to install the Splunk UBA Kafka Ingestion App on Splunk Enterprise using a downloaded file:
- Log in to splunkbase.splunk.com.
- Download the Splunk UBA Kafka Ingestion App and save it to an accessible location.
- Log in to the Splunk Enterprise search head.
- On the Applications menu, select the Manage Apps icon.
- On the Apps page, click Install app from file.
- On the Upload app page, click the Choose file button to locate the app.
- Click Upload.
- Click Done.
- Restart Splunk Enterprise to complete the installation.
Install the app on the Splunk Cloud Platform
The Splunk UBA Kafka Ingestion App is supported on Splunk Cloud Platform. For steps, see Install apps on your Splunk Cloud Platform deployment in the Splunk Cloud Platform Admin Manual.
Classic Experience requires Splunk Support to install an app on Enterprise Security search heads.
To enable hostname verification for Kafka data ingestion, Splunk Cloud Platform users must work with Splunk Support to obtain a certificate from a root certificate authority (CA). See Obtain a root CA.
This documentation applies to the following versions of Splunk® User Behavior Analytics Kafka Ingestion App: 1.4.3