Building a Splunk lab [Part 3]

Chimera Security

Part 3 – Installing Apps

Now we have a working Splunk install it’s about time we took a look at Splunkbase, think of Splunkbase as the Splunk App Store.

https://splunkbase.splunk.com

In this part, we will install the Splunk Add-on for Unix and Linux. This TA (Technology Add-on) will provide us with field extractions for Unix & Linux logs.

  1. To get started, go ahead and download the app from the following link. You may need to log in first: https://splunkbase.splunk.com/app/833/
  2. Once downloaded, log in to the Splunk webGUI and select the cog icon next to “Apps” on the home screen.
  3. Now select “Install app from file”.
  4. When prompted for the app file, select “Browse”. In the pop-up directory browser, navigate to the downloaded app file. Select “Upload”.
  5. A restart of Splunk will be required, when prompted select “Restart Splunk”.

 

Installing apps from Splunkbase should follow the same process, have a play and get used to installing apps!

Published by Chimera Security

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s