Step 1. Installing Forwarder and Search Head apps

In the distributed deployment scheme, you must install Forwarder App and Search Head App on the basis of the organization of your distributed Splunk environment. For more information about how to choose the computers where the apps must be installed, see section "About the distributed integration scheme".

Forwarder App is installed from the %service_dir%/integration/Kaspersky-CyberTrace-App-for-Splunk_Forwarder.tar.gz file. Search Head App is installed from the %service_dir%/integraion/Kaspersky-CyberTrace-App-for-Splunk_Search-Head.tar.gz file.

Installing the apps

Forwarder App and Search Head App are installed from Splunk Web. The only difference in the installation process is the application file name.

To install Forwarder App or Search Head App:

  1. Open Splunk Web for the Splunk instance where you want to install the app.
  2. In Splunk Web, go to the home page.
  3. On the home page, click the Manage Apps button.

    Manage Apps button

  4. On the Apps page, click the Install app from file button.

    Install app from file button

  5. In the Upload an app window, click Choose File and select the application file mentioned above in this section.

    Upload an app (Choose File)

    Choose File button

  6. In the Upload an app window, click the Upload button.

    Upload an app (Upload) [Search Head]

    Upload button

  7. In the Restart required window, click the Restart Splunk button.

    This step can be skipped, depending on the Splunk version. If Splunk does not display the Restart required window, skip this step.

    Restart Splunk button

  8. When Splunk starts again, the Forwarder App will be displayed in the list of installed apps. When Kaspersky Search Head App is installed, the Apps page will open with information about the successful installation of Kaspersky Search Head App. Kaspersky Search Head App will appear in the list of apps on the Splunk home page.

    Kaspersky Search Head App for Splunk in the list of apps

Page top