|About||Code42 App For Splunk|
|TA||TA-Code42ForSplunk , https://splunkbase.splunk.com/app/3746|
|IA||IA-Code42ForSplunk , https://splunkbase.splunk.com/app/3747|
|Vendor Products||Code42 Enterprise/Small Business|
|Has index-time operations||true|
|Create an index||false|
Code42 Integration with Splunk allows visibility into aspects of Code42.
These are the issues that were closed for version 3.0.3.
These are the issues that were closed for version 3.0.2.
These are the issues that were closed for version 3.0.1.
These are the issues that were closed for version 3.0.0.
Version 3.0.5 (114) of Code42 App For Splunk is compatible with:
|Splunk Enterprise versions||6.6, 7.0|
|Vendor Products||Code42 Enterprise / Small Business|
Code42 App For Splunk includes the following new features:
Questions and answers
Access questions and answers specific to Code42 App For Splunk at https://answers.splunk.com.
Please visit https://answers.splunk.com, and ask your question regarding Code42 App For Splunk. Please tag your question with the correct App Tag, and your question will be attended to.
INSTALLATION AND CONFIGURATION
To function properly, Code42 App For Splunk requires the following software:
Because this add-on runs on Splunk Enterprise, all of the Splunk Enterprise system requirements apply.
Download Code42 App For Splunk at https://splunkbase.splunk.com/app/3736.
Deploy to single server instance
Follow these steps to install the app in a single server instance of Splunk Enterprise:
Deploy to distributed deployment
Install to search head
Install to indexers
Install to universal forwarders
Install to Heavy Forwarders
1. Download the IA-Code42ForSplunk package from https://splunkbase.splunk.com.
1. Install "IA-Code42ForSplunk" onto a heavy forwarder in your environment.
1. Configure the Modular Input with the required settings.
Deploy to distributed deployment with Search Head Clustering
1. Place the App into the "deploy_apps" folder on the Deployer Server.
2. Follow the instructions to install to a Heavy Forwarder. This Step is REQUIRED in a clustered SH environment!
3. Deploy the App to the Search Head Cluster. DO NOT install "IA-Code42ForSplunk" to the Cluster!
Deploy to Splunk Cloud
This app provides the index-time and search-time knowledge for the following types of data:
Code42 App For Splunk contains no lookup files.
The following lookup files are generated automatically from saved searches every hour.
Code42 App For Splunk does make use of an event generator. This allows the product to display data, when there are no inputs configured.
Configure Code42 App For Splunk
To configure the Code42 application you should start on the
Application Configuration page ("Administration > Application Configuration")*:
On this screen you can set the base index as well as a flag that specifies that the application is configured. In the future there will be additional configurations available.
If you have configured a proxy server you can view the configuration under this tab. These are proxy server configurations that are being used by existing modular inputs for the Code42 application. You can also delete existing proxy configurations on this tab.
You can view/delete existing credentials on this tab. These are credentials that are being used by existing modular inputs in the Code42 application. These credentials are the credentials used to connect to Code42 appliances.
On this screen you can view and make any changes to existing modular inputs. As you make changes and tab between fields the modular input is modified.
Creating New Proxy Configurations
If you need to use a proxy as part of the connection to the Code42 appliance configure it here.
Create New Proxybutton and fill in the following fields:
Creating New Credentials
By default creating a new modular input with a username and password specified will create the necessary encrypted credentials. However if you want to create encrypted credentials manually follow this process:
Create New Credentialbutton and fill in with the appropriate username and password.
NOTE: By default creating a new modular input will automatically create a new encrypted credential so this process is not necessary unless you need a new credential for another purpose.
Creating New Code42 Inputs
NOTE: You will need to configure a new modular input for each appliance
Create New Modular Inputbutton and fill in the following fields. Those with a red asterisk on the screen are required.
default, which normally writes to the
mainindex, to a specified index for best performance.
Proxy Name: Enter the name of the proxy stanza to use with the input.
After creating the modular input you will need to disable/re-enable the input in "Settings > Data Inputs > Code42 App For Splunk" to activate the input.
NOTE: When configuring the modular input through the Application Configuration dashboard, the password is automatically encrypted into the credential store. If you need to change the credential, create a new credential, and reference the host/user pair in the modular input configuration. An encrypted credential is required for this Splunk App.
By default all events will be written to the "main" index. You should change the index in the configuration files to match your specific index.
Troubleshoot Code42 App For Splunk
The best place to start troubleshooting Code42 App For Splunk is using this search:
Upgrade Code42 App For Splunk
Upgrade Code42 App For Splunk by re-installing into your environment per Splunk Documentation and your environment (see steps above).
Third-party software attributions
Version 3.0.5 (114) of Code42 App For Splunk incorporates the following third-party software or libraries. See README in app for full list.
Changes for App Certification
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.