Install the Splunk Add-on for Cisco ESA¶
- Get the Splunk Add-on for Cisco ESA by downloading it from Splunkbase or browsing to it using the app browser within Splunk Web.
- Determine where and how to install this add-on in your deployment, using the tables on this page.
- Perform any prerequisite steps before installing, if required and specified in the following tables.
- Complete your installation.
If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthroughs section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, or Splunk Cloud.
Distributed deployments¶
Use the following tables to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.
Where to install this add-on¶
Unless otherwise noted, you can safely install all supported add-ons to all tiers of a distributed Splunk platform deployment. Where to install Splunk add-ons in the Splunk Add-ons manual for more information.
This table provides a quick reference for installing this add-on to a distributed deployment of Splunk Enterprise:
| Splunk instance type | Supported | Required | Comments |
|---|---|---|---|
| Search Heads | Yes | Yes | Install this add-on on all search heads where Cisco ESA knowledge management is required. |
| Indexers | Yes | Conditional | Not required if you use heavy forwarders to collect data. Required if you use universal forwarders to collect data. |
| Heavy Forwarders | Yes | See Comments | This add-on supports forwarders of any type for data collection. |
| Universal Forwarders | Yes | See Comments | This add-on supports forwarders of any type for data collection. |
Distributed deployment feature compatibility¶
This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.
Distributed deployment feature |
Supported |
Comments |
|---|---|---|
Search Head Clusters |
Yes |
You can install this add-on on a search head cluster for all
search-time functionality. |
Indexer Clusters |
Yes |
Before installing this add-on to a cluster, remove the
|
Deployment Server |
Yes |
Supported for deploying the configured add-on. |
Installation walkthroughs¶
The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.
For a walkthrough of the installation procedure, follow the link that matches your deployment scenario: