Install the Splunk Add-on for CyberArk¶
Use the tables in this topic to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise. See the installation walkthrough section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, or Splunk Cloud.
Distributed installation of this add-on¶
This table provides a quick reference for installing this add-on to a distributed deployment of Splunk Enterprise.
| Splunk instance type | Supported | Required | Comments |
|---|---|---|---|
| Search Heads | Yes | Yes | Install this add-on to all search heads where CyberArk knowledge management is required. |
| Indexers | Yes | No | Not required, because this add-on does not include any index-time operations. |
| Heavy Forwarders | Yes | No | All forwarder types are supported. |
| Universal Forwarders | Yes | No | All forwarder types are supported. |
Distributed deployment compatibility¶
This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features.
| Distributed deployment feature | Supported | Comments |
|---|---|---|
| Search Head Clusters | Yes | You can install this add-on on a search head cluster for all search-time functionality, but configure inputs only on a forwarder to avoid duplicate data collection. Before installing this add-on to a cluster, remove the eventgen.conf file and all files in the Samples folder. |
| Indexer Clusters | Yes | Before installing this add-on to a cluster, remove the eventgen.conf file and all files in the Samples folder. |
| Deployment Server | Yes | Supported for deploying configured add-on to your forwarder. |
Installation walkthrough¶
See Installing add-ons in Splunk Add-Ons for detailed instructions describing how to install a Splunk add-on in the following deployment scenarios: