hRun
commented
3 years ago Hi sddangelo,
The add-on should indeed only be installed on the SHs you're planning to use the shipped custom search command on. The search command runs locally after the SHs received intermediate search results from your indexers and queries the HIBP API to enrich these results. Therefore there's no benefit installing the add-on on any other Splunk servers.
Cheers, hRun
Setup notes say to install on the SH- I assume for the knowledge objects. No configuration or API calls being done here - correct?
Since this is making API calls - shouldn't the configuration be done on a HF? The notes don't reference this so I wanted to confirm.