Skip to content

Hardware and software requirements for the Splunk Add-on for Cisco ESA

Splunk admin requirements

To install and configure the Splunk Add-on for Cisco ESA, you must be a member of the admin or sc_admin role.

Cisco ESA setup requirements

  • You must have access to the Cisco IronPort Email Appliance Administration interface so that you can configure Cisco ESA to send data to the Splunk platform. Sending data requires network connectivity between the Splunk platform and Cisco ESA.
  • To receive data via syslog, you must know the IP address of the Splunk platform and the port that the network input uses.

Splunk platform requirements

Because this add-on runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this add-on.

  • For Splunk Enterprise system requirements, see System Requirements in the Splunk Enterprise Installation Manual.
  • If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.

For information about installation locations and environments, see Install the Splunk Add-on for Cisco ESA.

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.