Installing QRadar App for Splunk Data Forwarding

Use the QRadar® Extensions Management tool to install the app on your QRadar Console.

Before you begin

Before you install the app, ensure that IBM® QRadar App for Splunk Data Forwarding meets the minimum memory (RAM) requirements. QRadar App for Splunk Data Forwarding requires 200 MB of free memory from the application pool of memory. If QRadar App for Splunk Data Forwarding fails to install, then your application pool does not have enough free memory to run the app. Consider adding an App Node or an App Host to your QRadar deployment. For more information on calculating the required memory, see Apps and Resource Limitation (https://ibm.com/support/pages/qradar-apps-and-resource-limitation).

QRadar7.3.1 uses an App Node, which is an unmanaged host, that is dedicated to running apps. Provision an App Node to provide extra storage, memory, and CPU resources for your apps without impacting the processing capacity of your QRadar Console.

QRadar 7.3.2 or later use an App Host, which is a managed host, that is dedicated to running apps. App Hosts provide extra storage, memory, and CPU resources for your apps without impacting the processing capacity of your QRadar Console. For more information, see App Hosts.

About this task

You can use the IBM QRadar Extensions Management tool to install the app on your QRadar Console.

Procedure

  1. If the IBM QRadar Assistant app is configured on QRadar, use the following instructions to install QRadar App for Splunk Data Forwarding: QRadar Assistant app (https://www.ibm.com/docs/en/qsip/7.4?topic=apps-qradar-assistant-app).
  2. If the QRadar Assistant app is not configured, download QRadar App for Splunk Data Forwarding archive from the IBM Security App Exchange (https://apps.xforce.ibmcloud.com/) onto your local computer. You must have an IBM ID to access the App Exchange.
  3. In the System Configuration section, click Extensions Management.
  4. In the Extensions Management window, click Add and select the app archive that you want to upload to the console.
  5. Select the Install immediately check box.
    Important: You might have to wait several minutes before your app becomes active.

Results

If the app installed successfully, you see it listed as 'Installed' on the Extensions Management page of the Admin tab. If the app didn't install correctly, see QRadar apps troubleshooting.

What to do next

When the installation is complete, refresh the browser window before you use the app.