a. Installation of Pulse and a user account with Admin privilege.
b. Credentials for Pulse API access (contact the support to obtain credentials).
c. Installation of Splunk Enterprise (6.4 or later) and a user account with Administrator privileges.
d. The Pwnie Express PwnPulse Technology Add-On from SplunkBase.
- Download the Pwnie Express PwnPulse Technology Add-On from SplunkBase at https://splunkbase.splunk.com/app/3725/
- Log in to Splunk Enterprise.
- On the Apps menu, click Manage Apps.
- Click Install app from file.
- In the Upload app window, click Choose File.
- Locate the
.tar.gzfile you downloaded from Step One, and then click Open or Choose depending on your browser.
- Click Upload. Afterward, click Restart Splunk, and then confirm that you want to restart.
- After Splunk is restarted, log in, and select the Pwnie Express PwnPulse add-on from Splunk Home.
- Under Configuration, select the Add-on Settings tab.
- Next, provide the Pulse API URL to be
api.pwnieexpress.netand provide the credentials, i.e. API Access Key and API Secret Key. When complete, click the Save button.
- To verify the add-on is installed properly, select Inputs for the add-on and the following categories should be displayed:
- NetworkHost, Scripts
At this time, Splunk will begin acquiring information from Pulse, but depending on the volume of data being initially retrieved, this might take anywhere between 5-60 minutes before data is
displayed on the Dashboard in Splunk Enterprise.
If an hour has passed and the Splunk Dashboard fails to reflect any data, please acquire the
/opt/splunk/var/log/splunk/ta_pulse_pwnpulse_api.log log file from Splunk and contact
email@example.com for assistance.