Attempting to install/configure the Splunk Add-on for Cisco ASA. Based on the README file, it isn’t clear to me where we need to install this app for our environment.
http://apps.splunk.com/app/1620/
This is a distributed environment where the Search Head and Indexer are on separate servers and the ASAs are dumping logs to a remote syslog server (also separate). The syslog server has the Splunk Universal Forwarder installed and forwards log data to Splunk.
The README is clear in that we need to install on the Search Head. My question is: do we also install the app on the syslog server, the indexer, or both?