Prerequisites

To use the Effective Configuration add-on, fulfill the following requirements:

• Use Splunk Enterprise version 10.0 and higher.
• Use agents in the following versions of Splunk Enterprise:
  • Version 8.0 and higher for the universal forwarder - version 8.0 and higher on every supported platform except Solaris Sparc.
  • Version 8.0 and higher on heavy forwarders, agent managements, and search heads.
• Set up 1 or more agents, such as universal forwarders. For more information, see Plan a deployment.
• Set up pass4SymmKey.

Set up pass4SymmKey

1. You can set pass4SymmKey for the [deployment] stanza in the server.conf file for both agent management and agents. For more information, see server.conf.

   You can also set pass4SymmKey on agents by deploying an application from the agent management. The application sets the pass4SymmKey and restarts the agent management. For more information, see Secure Splunk Enterprise services with pass4SymmKey.

2. Restart the agents and agent management by using the CLI command ./bin/splunk restart.
3. Verify if agents can communicate with phonehome:
   1. Log in to Splunk Enterprise.
   2. Select the settings icon (), and then under the Distributed Environment section, select Agent management.

      The Agent management page opens.

   3. In the Forwarders tab, verify that the agent status is OK to confirm proper connectivity.