Splunk® User Behavior Analytics Monitoring App

Splunk UBA Monitoring App

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Splunk UBA Monitoring App requirements

Review the following requirements before installing the Splunk UBA Monitoring App:

  • Verify the compatibility requirements for the Splunk platform, Splunk UBA, and the Splunk UBA Monitoring App. See the Splunk UBA product compatibility matrix in the Plan and Scale your Splunk UBA Deployment manual.
  • The Splunk UBA Monitoring App forwards data to the _internal index on the Splunk platform. Users of the Splunk UBA Monitoring App must have read access to the _internal index in order to see any data when using the app. Users with the admin role in Splunk Enterprise or sc_admin role in Splunk Cloud Platform have this permission by default. Non-admin users can be granted this access by qualified admin or sc_admin users.
  • The forwarder on Splunk UBA connects to the Splunk platform receiver on port 9997 by default. The receiver on Splunk Enterprise must be enabled to receive data from the forwarder on Splunk UBA. See Enable a receiver in the Splunk Enterprise Forwarding Data manual.
Last modified on 02 September, 2022
PREVIOUS
About the Splunk UBA Monitoring App 		  NEXT
Install the Splunk UBA Monitoring App

This documentation applies to the following versions of Splunk® User Behavior Analytics Monitoring App: 1.1.2, 1.1.3

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters