Solved: How can I install the CEF Extraction Add-on for Sp...

Nistrom · ‎08-12-2015

I'm not using the Distributed Deployment, so I can't understand the guide in the documentation for this add-on. I have installed Splunk Enterprise and want it to index and search CEF files. Anyone can help? Thank you.

IgorB · ‎08-13-2015

All you need to do is install the add-on and make sure your CEF data's sourcetype is "cefevents"

View solution in original post

IgorB · ‎08-13-2015

All you need to do is install the add-on and make sure your CEF data's sourcetype is "cefevents"

tmaltizo · ‎10-27-2015

Hi...I wanted to followup on this question, if I may, as we are looking at installing this add-on. We are using Distributed deployment. So, does this addon get installed on the Forwarder? If so, the Forwarder client is on Linux. So, being a *nix novice, would we just run the tar command?

jeremiahc4 · ‎07-25-2016

@tmaltizo
Hopefully you figured it out or asked in a new thread. For installing to your forwarder in a distributed env, hopefully you have a deployment server and would unzip the tgz into the deployment-apps folder there, then assign it to your forwarder via serverclass.conf entry.

How can I install the CEF Extraction Add-on for Splunk Enterprise?

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes

Welcome to the Splunk Community!