TOC & Recently Viewed

Recently Viewed Topics


The Tenable Add-on has specific purposes for each Splunk component. The components are listed and described below.

Heavy Forwarder

The Heavy Forwarder collects and forwards data for all events.

Note: You must configure inputs to run from the heavy forwarder.

Note: You must enable the key value store (KV) on the heavy forwarder.


The Indexer ensures Tenable data is properly indexed.

Note: You can use a default index or create and set a custom index. This is required.

  • Search Head

    The Search Head allows full functionality of the Tenable Add-on adaptive response actions.

    Note: You must configure the Search Head with the same configuration details you have on the Heavy Forwarder for the adaptive response actions to work correctly.

    Note: If you install the Tenable App for Splunk on the search head, you must also install the Tenable Add-on.


    Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.