发送 Splunk UBA 的anomalies and threats to Splunk ES

由于Splunk UBA 上面的日志需要分析和创建合适的Alert, 和 dashboard 来跟踪和分析，

1: 先看一下架构图：

2: 下面先安装两个add-on:

Verify that the Splunk Add-on for UEBA is installed and enabled

Perform the following steps to verify that the Splunk Add-on for UEBA is installed.

1. Log in to the Splunk search head with Splunk Enterprise Security installed.

2. In Splunk Web, select Apps > Manage Apps.

3. Search for ueba and verify that Splunk_TA_ueba is installed and enabled.

4. If the add-on is not enabled, click Enable to enable it.

Enable SA-UEBA so that Splunk ES can retrieve data from Splunk UBA

Enable SA-UEBA so that dashboards and knowledge objects are visible to users i