Basic setup of a Splunk Deployment Server to push out technology add-ons and custom apps

  • Published: Sep 8, 2024
  • In this video I will walk through configuring a deployment server to push out the Splunk Unix/Linux technology add-on (TA) and the Windows TA to my connected endpoints.
    I will demonstrate using the command line to point the endpoints to the deployment server. After that you will see me jump into Splunk Web and build out the server classes and attach them to apps that will be deployed.
    Along with the 2 supported Splunk apps, I will also create custom apps that will deploy both inputs and outputs configuration files. This will allow me to have a standard configuration for endpoints when they connect to my Splunk environment.
    This video is the groundwork for follow-on videos that will dive deeper into collecting metrics data and searching that data.
    Splunk documentation links:
    Splunk Deployment Server documentation:
    docs.splunk.co...
    Configure the Universal Forwarder to connect to a deployment server:
    docs.splunk.co...
    Configure forwarding with outputs.conf:
    docs.splunk.co...
    Splunk Add-on for Microsoft Windows:
    splunkbase.spl...
    Splunk Add-on for Unix and Linux:
    splunkbase.spl...

Comments • 9

  • @icaraci 9 months ago +2

    Great video. Thanks. It helped me a lot to understand the logic.

  • @Joker09097 7 months ago

    Thank you! Great video! Easy to understand!

  • @dru0pa 10 months ago

    Great explanation, the best I have seen on the setup of the deployment server.

    • @travis-hall 10 months ago

      Thank you

    • @dru0pa 10 months ago

      @travishall2073 Hi Travis, could you show me a good example of integrating that I could use in my CyberArk labs to be able to do correlation with CyberArk PTA and Splunk to demo the functionality of a SIEM and PAM solution?

    • @travis-hall 9 months ago

      @dru0pa Never had the opportunity to work with CyberArk. However, I did find that Splunk has built an Add-on for CyberArk to pull system logs and traffic statistics from Privileged Threat Analytics (PTA) 12.0 and Enterprise Password Vault (EPV) 12. splunkbase.splunk.com/app/2891
      There is also Splunk documentation that goes into the install/configuration of this Add-on. docs.splunk.com/Documentation/AddOns/released/CyberArk/About

  • @vitache1276 8 months ago

    Do you offer trainings?

    • @travis-hall 8 months ago

      Well, I currently work for Splunk and have led multiple workshops for customers under the territory I cover. If you are currently working with a Splunk account team, reach out and ask about Splunk workshops.
      Here you can find virtual workshops available in your area:
      www.splunk.com/en_us/about-us/events.html
      Workshops are great, but do not replace the content our Splunk education team has put together.
      Make sure to check out the free training course:
      www.splunk.com/en_us/training/free-courses/overview.html
      If you can make it, Splunk .Conf is a great opportunity to interact with Splunk professionals. Splunk will also post the past 3 years of .Conf sessions here:
      conf.splunk.com/watch/conf-online.html#/

  • @kennethwalters4304 9 months ago

    The way you explain is commendable, brother. Would you happen to have an email, or some way to send messages?