Skip to content

Hardware and software requirements for the Splunk Add-on for Carbon Black

Carbon Black requirements

This add-on consumes Carbon Black event data from a JSON file configured through file_monitor. You download and run the Carbon Black Event Forwarder utility (cb-event-forwarder) in order to generate the JSON file. Splunk monitors the JSON file that is generated by this utility.

The cb-event-forwarder utility and installation instructions are available on GitHub at GitHub - cb-event-forwarder.

Splunk platform requirements

Because this add-on runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this add-on.

Splunk Enterprise

For Splunk Enterprise system requirements, see System requirements for use of Splunk Enterprise on-premises in the Splunk Enterprise Installation Manual.

Splunk Cloud Platform

If you are managing on-premises forwarders to get data into Splunk Cloud Platform, see System requirements for use of Splunk Enterprise on-premises in the Splunk Enterprise Installation Manual, which includes information about forwarders.