|About||LANGuardian App For Splunk|
|Has index-time operations||true|
|Create an index||false|
LANGuardian App For Splunk consumes individual reports via API for integration.
These are the issues that were closed for version 1.0.0.
Test and QA
* [NLG-17] - Re-organize Navigation
* [NLG-18] - Default to select all
* [NLG-22] - Configure Modular Input to support REST proxy
* [NLG-26] - Update interval time
* [NLG-32] - Remove Report
Version 1.0.0 (51) of LANGuardian App For Splunk is compatible with:
|Splunk Enterprise versions||6.5, 6.6|
Version 1.0.0 (51) of LANGuardian App For Splunk fixes the following issues:
Version 1.0.0 (51) of LANGuardian App For Splunk has the following known issues:
Questions and answers
Access questions and answers specific to LANGuardian App For Splunk at https://answers.splunk.com.
Support Offered: Yes
Support Email: firstname.lastname@example.org
Please visit https://answers.splunk.com, and ask your question regarding LANGuardian App For Splunk. Please tag your question with the correct App Tag, and your question will be attended to.
To function properly, LANGuardian App For Splunk requires the following software:
Because this add-on runs on Splunk Enterprise, all of the Splunk Enterprise system requirements apply.
Download LANGuardian App For Splunk at
This app has the following inputs pre-configured:
Follow these steps to install the app in a single server instance of Splunk Enterprise:
Install to search head
Install to indexers
Install to universal forwarders
Install to Heavy Forwarders
1. Download the LANGuardian App For Splunk package from https://splunkbase.splunk.com.
1. Untar the package and locate the IA (Input Add-On) located in "LANGuardianAppForSplunk/appserver/addons". The package will end in ".spl" and should be labeled "IA-LANGuardianAppForSplunk".
1. Install "IA-LANGuardianAppForSplunk" onto a heavy forwarder in your environment.
1. Configure the Modular Input with the required settings.
Deploy to distributed deployment with Search Head Clustering
1. Place the App into the "deploy_apps" folder on the Deployer Server.
2. Follow the instructions to install to a Heavy Forwarder. This Step is REQUIRED in a clustered SH environment!
3. Deploy the App to the Search Head Cluster. DO NOT install "IA-LANGuardianAppForSplunk" to the Cluster!
Deploy to Splunk Cloud
This app provides the index-time and search-time knowledge for the following types of data:
Windows Fileshare Table - 1009
This data feed is the result of calls to the LANGuardian API. If you aren't receiving events check the modular input configuration to verify the event types specified
LANGuardian App For Splunk contains no lookup files.
LANGuardian App For Splunk has the ability to use of an event generator. This allows the product to display data, when there are no inputs configured.
There are five sample event files supplied for event generation. These samples are found in the
samples folder of the app and are:
NOTE: To generate events the Eventgen app must be installed. The app and instructions can be found at https://splunkbase.splunk.com/app/1924/. This app should not be installed on a production system unless you understand the ramifications of generated data being mixed with production data. It is important to realize that unless the eventgen.conf file is modified data will be put in the
Configure LANGuardian App For Splunk
To configure the LANGuardian application you should start on the
Application Configuration page ("Administration > Application Configuration")*:
On this screen you can set a flag that specifies that the application is configured. In the future there will be additional configurations available.
If you have configured a proxy server you can view the configuration under this tab. These are proxy server configurations that are being used by existing modular inputs for the LANGuardian application. You can also delete existing proxy configurations on this tab.
You can view/delete existing credentials on this tab. These are credentials that are being used by existing modular inputs in the LANGuardian application. These credentials are the credentials used to connect to LANGuardian appliances.
On this screen you can view and make any changes to existing modular inputs. Once you are done you will need to press "Save" to apply your changes.
Creating New Proxy Configurations
If you need to use a proxy as part of the connection to the LANGuardian appliance configure it here.
Create New Proxy Configurationbutton and fill in the following fields:
Creating New Credentials
By default creating a new modular input with a username and password specified will create the necessary encrypted credentials. However if you want to create encrypted credentials manually follow this process:
Create New Credentialbutton and fill in with the appropriate username and password.
NOTE: By default creating a new modular input will automatically create a new encrypted credential so this process is not necessary unless you need a new credential for another purpose.
Creating New Modular Inputs
NOTE: You will need to configure a new modular input for each appliance
Create New Modular Inputbutton and fill in the following fields. Those with a red asterisk on the screen are required.
Index: This sets the index for data to be written to. This setting should be changed from
default, which normally writes to the
main index, to a specified index for best performance.
After creating the modular input you will need to disable/re-enable the input in "Settings > Data Inputs > LANGuardian App For Splunk" to activate the input.
NOTE: When configuring the modular input through the Application Configuration dashboard, the password is automatically encrypted into the credential store. If you need to change the credential, create a new credential, and reference the host/user pair in the modular input configuration. An encrypted credential is required for this Splunk App.
The best place to start troubleshooting LANGuardian App For Splunk is using the
Application Health Overview dashboard under the
Administration dropdown. There you will find several panels with information related to errors in the LANGuardian App For Splunk app.
Another troubleshooting method for the LANGuardian App For Splunk app is using this search:
Upgrade LANGuardian App For Splunk by re-installing into your environment per Splunk Documentation and your environment (see steps above).
Please see README in app for full attributions.
LANGuardian App For Splunk consumes individual reports via API from Netfort's LANGuardian.
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.