Splunk Environments

The installation process for Splunk varies based on your Splunk environment.

Deployment Types

Single-server, distributed deployment, and cloud instance options are available.

Single-Server Deployment

In a single-server deployment, a single instance of Splunk Enterprise works as a data collection node, indexer, and search head. Install the Tenable Add-on and Tenable App on this instance, then complete the setup to start data collection.

Distributed Deployment

In a distributed deployment, install Splunk on at least two instances. One node works as a search head, while the other node works as an indexer for data collection.

The following table shows where to install and configure the Tenable Add-on and Tenable App in a distributed environment.

| Component | Forwarder | Indexer | Search Head |
| --- | --- | --- | --- |
| Tenable Add-on for Splunk (TA-Tenable) | Yes (configure accounts, configure data input) | No | Yes (configure accounts) |
| Tenable-SC App for Splunk (Tenable App) | No | No | Yes |

Cloud Instance

In Splunk Cloud, data indexing takes place in a cloud instance.

Note: The data collection can take place in an on-premises Splunk instance that works as a heavy forwarder.

You can install the application from the command line or from the Splunk user interface.