Download topic as PDF
Splunk UBA Monitoring App requirements
Review the following requirements before installing the Splunk UBA Monitoring App:
- Verify the compatibility requirements for the Splunk platform, Splunk UBA, and the Splunk UBA Monitoring App. See the Splunk UBA product compatibility matrix in the Plan and Scale your Splunk UBA Deployment manual.
- The Splunk UBA Monitoring App forwards data to the
_internalindex on the Splunk platform. Users of the Splunk UBA Monitoring App must have read access to the
_internalindex in order to see any data when using the app. Users with the
adminrole in Splunk Enterprise or
sc_adminrole in Splunk Cloud Platform have this permission by default. Non-admin users can be granted this access by qualified
- For Splunk Enterprise users, see About users and roles in the Splunk Enterprise Admin Manual.
- For Splunk Cloud Platform users, see Manage Splunk Cloud users and roles in the Splunk Cloud Admin Manual.
- The forwarder on Splunk UBA connects to the Splunk platform receiver on port 9997 by default. The receiver on Splunk Enterprise must be enabled to receive data from the forwarder on Splunk UBA. See Enable a receiver in the Splunk Enterprise Forwarding Data manual.
Last modified on 02 September, 2022
About the Splunk UBA Monitoring App
Install the Splunk UBA Monitoring App
This documentation applies to the following versions of Splunk® User Behavior Analytics Monitoring App: 1.1.2, 1.1.3
Feedback submitted, thanks!