Installation

How do you install TA's for SplunkforSymantec?

HackerAce1
Engager

The documentation for SplunkforSymantec state:

After downloading the app and going through the set up process, you still need to install either the Symantec 11 Technology Add-on or Symantec 12 Technology Add-on. If you are currently running both products, you should install both TAs. They are included with this app in the appserver/addons directory.

How do you install the TA?

Also in the /opt/splunk/etc/apps/SplunkforSymantec/appserver/addons/TA-sepapp12/README there are references to:

  1. Copy the following file: $SPLUNK_HOME/etc/apps/TA-sep/default/inputs.conf.local To the following location: $SPLUNK_HOME/etc/apps/TA-sep/local/inputs.conf

These locations do not exist!

Labels (1)
0 Karma

sphadnis
Path Finder

I have the similar issue - can anyone elaborate on the installation instructions? I have a couple of forwarders, and a couple of indexers and a search head (all on different machines). As I understood, I am required to install the TA on the indexers - how does one achieve that? I dont see any option for spl or tgz file.

0 Karma

mattspierce
Explorer

I'm having a similar issue. I am seeing events form the symantec server in the data. I do not see the Symantec Plugin recognizing that data. I've located the TA for sep11 and sep12 in /opt/splunk/etc/apps/SplunkforSymantec/appserver/addons but there are no tgz or spl file to install.

0 Karma

jordanperks
Path Finder

Are you putting those on your SEP server? I believe that is only required if you are installing a UF on your SEP server.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...