Installation

Install the Whisper Security TA on Splunk Enterprise, distributed, or Cloud.

Updated April 2026Splunk Integration

Installation Documentation

Prerequisites

  • Splunk Enterprise 9.3+ or Splunk Cloud (Victoria Experience)
  • Python 3.9+ (included with Splunk)
  • A Whisper Security API key (optional -- Anonymous plan works without a key)

See the Requirements page for detailed software and network requirements.

Deployment topologies

The add-on supports three deployment topologies. Install the TA on the search head in all cases -- search commands and modular inputs run on the search head.

Single-instance deployment

+------------------------------+
|     Splunk Enterprise        |
|  +------------------------+  |
|  | TA-whisper-security    |  |
|  | - Search commands      |  |
|  | - Modular inputs       |  |
|  | - KV Store cache       |  |
|  | - Dashboards           |  |
|  +------------------------+  |
|              |               |
+------------------------------+
               |
        HTTPS (443)
               |
     graph.whisper.security

Install the TA on the single Splunk instance. All components run on the same machine.

Distributed deployment

+------------------+     +------------------+
|   Search Head    |     |    Indexer(s)     |
| TA-whisper-sec   |     |                  |
| - Search cmds    |     | - Indexed data   |
| - Modular inputs |     |                  |
| - KV Store       |     |                  |
| - Dashboards     |     +------------------+
+------------------+
         |
   HTTPS (443)
         |
graph.whisper.security

Install the TA on the search head only. Indexers receive enrichment data through the normal Splunk data pipeline. No TA installation is needed on indexers or forwarders.

Splunk Cloud

+---------------------------+
|      Splunk Cloud         |
|  +---------------------+  |
|  | TA-whisper-security  |  |
|  | (self-service or     |  |
|  |  Cloud Support)      |  |
|  +---------------------+  |
|            |              |
+---------------------------+
             |
       HTTPS (443)
             |
   graph.whisper.security

Install the TA through self-service app installation or work with Splunk Cloud Support. The TA passes AppInspect cloud vetting with zero failures.

Search head cluster: For search head cluster (SHC) deployments, deploy the TA to all cluster members via the deployer. KV Store collections replicate automatically across cluster members.

Install from Splunkbase

  1. Navigate to Apps > Find More Apps in Splunk Web
  2. Search for "Whisper Security"
  3. Click Install

Verify installation

After installation, verify the app is visible and enabled:

| rest /services/apps/local/TA-whisper-security
| table label version disabled

Verify search commands are registered:

| whisperquery query="RETURN 1 AS test LIMIT 1"

Next steps

After installation, proceed to Configuration to set up your API key.

PreviousRequirementsNextConfiguration