Install the Splunk UBA Monitoring App
Download the Splunk UBA Monitoring App from Splunkbase.
See Apps and add-ons in the Splunk Enterprise Admin Manual for more information about Splunk apps.
Installation instructions
Install the Splunk UBA Monitoring App in a single-instance or distributed Splunk Enterprise environment. Use the following tables to determine where and how to install the Splunk UBA Monitoring App in a Splunk Enterprise deployment.
Where to install the app in a distributed deployment
Use the table to determine where to install the app in a Splunk Enterprise distributed deployment:
Splunk instance type | Must the app be installed here? | Comments |
---|---|---|
Search Heads | Yes | Install this app on the search head. |
Indexers | No | The app does not contain indexes. |
Forwarders | Already included in UBA | The app contains inputs for forwarder data collection. |
Distributed deployment compatibility
Use the table to check the compatibility of the app with Splunk Enterprise distributed deployment features:
Distributed deployment feature | Supported | Comments |
---|---|---|
Search Head Clusters | Yes | Use the search head cluster deployer to distribute apps across search head cluster members. See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search manual. |
Indexer Clusters | No | The app does not contain indexes or index-time transformations. |
Deployment Server | No | The app does not contain inputs for forwarder data collection. |
Install the app using Splunk Web
- Log in to the Splunk Enterprise search head.
- On the Applications menu, scroll to the bottom and select Find More Apps.
- On the Browse more apps page, locate the app in the list, or type the name in the search box.
- Provide your splunk.com credentials.
- Accept the license terms.
- Click Login and Install.
- Click Done.
- Restart Splunk Enterprise to complete the installation.
Install the app from a downloaded file
- Log in to splunkbase.splunk.com.
- Download the Splunk UBA Monitoring App and save it to an accessible location.
- Log in to the Splunk Enterprise search head.
- On the Applications menu, select the Manage Apps () icon.
- On the Apps page, click Install app from file.
- On the Upload app page, click the Choose file button to locate the app.
- Click Upload.
- Click Done.
- Restart Splunk Enterprise to complete the installation.
Splunk UBA Monitoring App requirements | Enable Splunk UBA to forward data to the Splunk platform |
This documentation applies to the following versions of Splunk® User Behavior Analytics Monitoring App: 1.0.0, 1.1, 1.1.1, 1.1.2, 1.1.3, 1.1.4
Feedback submitted, thanks!