TOC & Recently Viewed

Recently Viewed Topics

Splunk Environments

The installation process for the Tenable App for Splunk and Tenable Add-On for Splunk varies based on your Splunk environment.

Deployment Types

Single server, distributed deployment, and cloud instance options are available.

Single Server Deployment

In a single server deployment, a single instance of Splunk Enterprise works as a data collection node, indexer, and search head. In this instance, install the Tenable Add-On and Tenable App on this node. Complete the setup for the Tenable Add-On to start data collection.

Distributed Deployment

In a distributed deployment, install Splunk on at least two instances. One node works as a search head while the other node works as an indexer for data collection.

The following table displays information on how the Tenable Add-On and Tenable App are installed in the distributed environment.

Component Forwarder Indexer Search Head
Tenable Add-on for Splunk (TA-Tenable)


  • configure accounts
  • configure data input


  • configure accounts
Tenable-SC App for Splunk (Tenable App) No No Yes

Cloud Instance

In Splunk Cloud, the data indexing takes place in a cloud instance.

Note: The data collection can take place in an on premise Splunk instance that works as a heavy forwarder.

The application can be installed via a command line or from the Splunk UI.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.