Re: SplunkforSymantec installation question

HackerAce1 · ‎12-05-2013

The documentation for SplunkforSymantec state:

After downloading the app and going through the set up process, you still need to install either the Symantec 11 Technology Add-on or Symantec 12 Technology Add-on. If you are currently running both products, you should install both TAs. They are included with this app in the appserver/addons directory.

How do you install the TA?

Also in the /opt/splunk/etc/apps/SplunkforSymantec/appserver/addons/TA-sepapp12/README there are references to:

Copy the following file: $SPLUNK_HOME/etc/apps/TA-sep/default/inputs.conf.local To the following location: $SPLUNK_HOME/etc/apps/TA-sep/local/inputs.conf

These locations do not exist!

sphadnis · ‎06-23-2016

I have the similar issue - can anyone elaborate on the installation instructions? I have a couple of forwarders, and a couple of indexers and a search head (all on different machines). As I understood, I am required to install the TA on the indexers - how does one achieve that? I dont see any option for spl or tgz file.

mattspierce · ‎02-28-2014

I'm having a similar issue. I am seeing events form the symantec server in the data. I do not see the Symantec Plugin recognizing that data. I've located the TA for sep11 and sep12 in /opt/splunk/etc/apps/SplunkforSymantec/appserver/addons but there are no tgz or spl file to install.

jordanperks · ‎12-05-2013

Are you putting those on your SEP server? I believe that is only required if you are installing a UF on your SEP server.

How do you install TA's for SplunkforSymantec?

add-on

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio