This documentation does not apply to the most recent version of Splunk® User Behavior Analytics Monitoring App. Click here for the latest version.Download topic as PDF
Splunk UBA Monitoring App requirements
The Splunk UBA Monitoring App requires the following combination of Splunk UBA with Splunk Enterprise or Splunk Cloud Platform:
|Splunk UBA Monitoring App version||Splunk UBA version||Splunk Enterprise version|
|Splunk UBA Monitoring App 1.1.1||Splunk UBA 5.0.3 or higher||Splunk Enterprise versions 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.2.0|
Splunk Cloud Platform
|Splunk UBA Monitoring App 1.1||Splunk UBA 5.0.3||Splunk Enterprise versions 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.2.0|
|Splunk UBA Monitoring App 1.0.0||Splunk UBA 5.0.0||Splunk Enterprise versions 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.2.0|
Additional requirements for the Splunk UBA Monitoring App
- The Splunk UBA Monitoring App forwards data to the
_internalindex on the Splunk platform. Users of the Splunk UBA Monitoring App must have read access to the
_internalindex in order to see any data when using the app. Users with the
adminrole in Splunk Enterprise or
sc_adminrole in Splunk Cloud Platform have this permission by default. Non-admin users can be granted this access by qualified
- For Splunk Enterprise users, see About users and roles in the Splunk Enterprise Admin Manual.
- For Splunk Cloud Platform users, see Manage Splunk Cloud users and roles in the Splunk Cloud Admin Manual.
- The forwarder on Splunk UBA connects to the Splunk platform receiver on port 9997 by default. The receiver on Splunk Enterprise must be enabled to receive data from the forwarder on Splunk UBA. See Enable a receiver in the Splunk Enterprise Forwarding Data manual.
Last modified on 07 April, 2022
About the Splunk UBA Monitoring App
Install the Splunk UBA Monitoring App
This documentation applies to the following versions of Splunk® User Behavior Analytics Monitoring App: 1.1.1
Feedback submitted, thanks!