Splunk compatibilityAvailable deployment architecturesVirusTotal App can be deployed in both single-instance environments and distributed search deployments, and is also available through the Splunk Cloud Platform. Before installing VirusTotal App on-premises, ensure you understand the core components of a Splunk platform architecture. For more information, refer to the Components of a Splunk Enterprise deployment section in the Capacity Planning Manual.Single instance deploymentsIn a single-instance deployment, all Splunk functions—including indexing, searching, and app execution—run on a single Splunk Enterprise server.The VirusTotal App can be installed directly on this instance without any additional configuration requirements.Typical scenarios where a single-instance deployment is appropriate include:Small environments or proof-of-concept installationsLabs or testing environmentsLow-volume monitoring setupsBecause the app is lightweight and does not include dashboards, saved searches, or heavy data processing, it imposes minimal resource overhead in single-instance architectures.Distributed deploymentsIn a distributed Splunk Enterprise deployment, different Splunk roles operate across multiple servers, such as:Search HeadsIndexersForwardersWhen installing the VirusTotal App in a distributed architecture, keep the following in mind:Install the app only on Search Heads.The VirusTotal App performs REST API requests and enrichments through SPL commands, and therefore does not need to be installed on indexers or forwarders.The app has no impact on indexers.Since it does not create indexes, scheduled searches, or data collection components, it is safe to deploy in large-scale Search Head Clusters.Search Head Cluster compatibility.The app can be safely deployed across Search Head Cluster members.Ensure you deploy the app through the Deployer (in on-prem clustered environments) to maintain configuration consistency.Cloud deploymentsThe VirusTotal App is fully compatible with the Splunk Cloud Platform, and can be installed directly through the Apps interface, provided the environment allows installation of custom or vetted apps. Key considerations for cloud environments include:API key management is performed through the app’s built-in configuration UI.Connectivity to VirusTotal API endpoints must be permitted from the Splunk Cloud environment.No additional cloud-specific configuration is required, as the app does not rely on local system paths or restricted components.