Installation overview for the Splunk App for Palo Alto Networks

Notice: If you are upgrading to the Splunk App for Palo Alto Networks from any version of the “Palo Alto Networks App for Splunk”, you will need to remove the latter from your search head and install the Splunk App for Palo Alto Networks.

  1. Ensure you are using the Splunk Add-on for Palo Alto Networks and, if migrating from the Palo Alto Networks Add-on for Splunk, have followed the migration steps in the Splunk Add-on for Palo Alto Networks documentation.
  2. Download the Splunk App for Palo Alto Networks from Splunkbase or Splunk Web.
  3. Use the tables in this topic to determine where to install this app.
  4. Perform any prerequisite steps specified in the tables before installing.
  5. Use the links in the Installation walkthrough section to perform the installation.

Distributed deployments

Use the following tables to install the Splunk App for Palo Alto Networks in a deployment.

Where to install this App

Unless otherwise noted, you can safely install all supported add-ons to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.

This table provides a reference for installing this specific App to a distributed deployment of the Splunk platform:

| Splunk platform component | Supported | Required | Comments |
|---|---|---|---|
| Search heads / Search head cluster | Yes | Yes | The Splunk App for Palo Alto Networks contains visualizations |
| Indexers | No | No | Not Applicable |
| Heavy forwarders | No | No | Not Applicable |
| Universal forwarders | No | No | Not Applicable |

Install the Splunk App for Palo Alto Networks in a single-instance Splunk Enterprise deployment

Follow these steps to install the Splunk App for Palo Alto Networks in a single-instance deployment:

  1. From the Splunk Web home screen, click the gear icon next to Apps in the navigation bar.
  2. Click Install app from file.
  3. Locate the downloaded file and click Upload.
  4. If Splunk Enterprise prompts you to restart, do so.
  5. Verify that the app appears in the list of apps and add-ons. You can also find it on the server at $SPLUNK_HOME/etc/apps/Splunk_App_for_paloaltonetworks.

Install the Splunk App for Palo Alto Networks in a distributed Splunk Enterprise deployment

If you are using a distributed Splunk Enterprise deployment, follow the instructions in each of the following sections to deploy the Splunk App for Palo Alto Networks to your search heads.

Search heads

To install the Splunk App for Palo Alto Networks to a search head, follow these steps:

  1. Download the Splunk App for Palo Alto Networks from Splunkbase, if you have not already done so.
  2. From the Splunk Web home screen, click the gear icon next to Apps.
  3. Click Install app from file.
  4. Locate the downloaded file and click Upload.
  5. If Splunk Enterprise prompts you to restart, do so.
  6. Verify that the app appears in the list of apps and add-ons. You can also find it on the server at $SPLUNK_HOME/etc/apps/Splunk_App_for_paloaltonetworks.

Search head clusters

Use the deployer to deploy an add-on to the search head cluster members.

See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search manual.