Skip to content

Installation

The Splunk App for Behavioral Profiling is available on Splunkbase

Single Instance Splunk Deployments

Install the app on the Splunk Enterprise/Cloud Search Head.

Distributed Splunk Deployments

As in single instance Splunk deployments, install the app on the Splunk Enterprise/Cloud Search Head. Note there will be separate instructions on the Configuration page for distributed Splunk environments for the indexes required by the app.

Search Head Clusters

The Splunk App for Behavioral Profiling can be installed in an SHC by following the standard installation instructions for the app.

Note on Potential Performance and Other Impacts:

The app is designed to efficiently scale, and utilises components such as summary indexing, KV storage and schedule windows to do so. That being said, as more indicator searches and scoring rules are deployed, you may see changes in the performance of your Splunk deployment - please leverage the monitor views within the app to understand where scheduled searches are contributing high load if you see performance degredation.