Installation overview for the Splunk Add-on for Palo Alto Networks¶
- Download the Splunk Add-on for Palo Alto Networks from Splunkbase or Splunk Web.
- Use the tables in this topic to determine where to install this add-on.
- Perform any prerequisite steps specified in the tables before installing.
- Use the links in the Installation walkthrough section to perform the installation.
Distributed deployments¶
Use the following tables to install the Splunk Add-on for Palo Alto Networks in a deployment that uses forwarders to get data in, such as a distributed deployment. You might need to install the add-on in multiple places.
Where to install this add-on¶
Unless otherwise noted, you can safely install all supported add-ons to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.
This table provides a reference for installing this specific add-on to a distributed deployment of the Splunk platform:
| Splunk platform component | Supported | Required |
|---|---|---|
| Search heads | Yes | Yes |
| Indexers | Yes | Yes |
| Heavy forwarders | Yes | Yes |
| Universal forwarders | No | No |
Distributed deployment compatibility¶
This table provides a quick reference for the compatibility of this add-on with Splunk distributed deployment features:
| Distributed deployment feature | Supported |
|---|---|
| Search head clusters | Yes |
| Indexer clusters | Yes |
| Deployment server | No |
Installation walkthroughes¶
See the following links, or About installing Splunk add-ons in the Splunk Add-Ons manual, for an installation walkthrough specific to your deployment scenario: