Splunk® App for Content Packs

Install the Splunk App for Content Packs

To access the content packs on the Data Integrations page of ITSI or IT Essentials Work, you have to install the Splunk App for Content Packs. You can install the Splunk App for Content Packs on your Splunk Cloud Platform or on-premises environment. The Splunk App for Content Packs is compatible with ITSI and IT Essentials Work on Splunk Cloud Platform.

Install the Splunk App for Content Packs on a Splunk Cloud Platform environment

The Splunk App for Content Packs is compatible with ITSI and IT Essentials Work on Splunk Cloud Platform. Splunk Cloud Platform customers can file a case requesting the Splunk App for Content Packs. Use the Splunk Support Portal at Support and Services or contact Splunk Customer Support. You can install the Splunk App for Content Packs on single-instance and distributed deployments.

Install the Splunk App for Content Packs on a single, on-premises environment

At this time, you can't install IT Essentials Work from the Splunk Web interface.

Follow these steps to install the Splunk App for Content Packs on a single, on-premises Splunk Enterprise environment.

  1. Download the Splunk App for Content Packs from Splunkbase.
  2. Put the downloaded file splunk-app-for-content-packs_<latest_version>.spl into $SPLUNK_HOME/etc/apps.
  3. Stop your Splunk platform deployment. For example:
    cd $SPLUNK_HOME/bin
    ./splunk stop
    
  4. Extract the installation package into $SPLUNK_HOME/etc/apps. For example:
    tar -xvf splunk-app-for-content-packs_<latest_version>.spl -C $SPLUNK_HOME/etc/apps
    

    On Windows, rename the file extension from .spl to .tgz first and use a third-party utility to perform the extraction.

    The extracted directories have the following naming convention: DA-ITSI-CP-<contentpack> and DA-ITSI-ContentLibrary.

  5. Start your Splunk platform deployment. For example:
    cd $SPLUNK_HOME/bin
    ./splunk start
    

Install the Splunk App for Content Packs on a search head cluster environment

Follow these steps to install the Splunk App for Content Packs on a search head cluster Splunk Enterprise environment.

  1. Download the Splunk App for Content Packs from Splunkbase.
  2. On the deployer, extract the Splunk App for Content Packs installation package into the $SPLUNK_HOME/etc/shcluster/apps directory. For example:
    tar -xvf splunk-app-for-content-packs_<latest_version>.spl -C $SPLUNK_HOME/etc/shcluster/apps
    
  3. From the deployer, run the following command to deploy the Splunk App for Content Packs to the cluster members:
    splunk apply shcluster-bundle --answer-yes -target <URI>:<management_port> -auth <username>:<password>
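
Before the tar -xvf step in either procedure above, the package listing can be vetted without extracting anything. The sketch below is an added example, not part of Splunk's documentation or tooling: it inspects member names only and assumes every top-level entry follows the DA-ITSI-CP-<contentpack> / DA-ITSI-ContentLibrary convention stated above. The function names and sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Splunk's own tooling.

# check_entries: read archive member names on stdin, one per line.
# Returns 0 only if every name stays inside the extraction directory and its
# top-level directory is DA-ITSI-ContentLibrary or DA-ITSI-CP-<contentpack>.
check_entries() {
    seen=0
    while IFS= read -r entry; do
        entry=${entry#./}                  # some tar builds prefix names with ./
        [ -n "$entry" ] || continue
        seen=1
        case $entry in
            /*|..|../*|*/..|*/../*)
                echo "REJECT path leaves target directory: $entry" >&2
                return 1 ;;
        esac
        top=${entry%%/*}
        case $top in
            DA-ITSI-ContentLibrary|DA-ITSI-CP-?*) ;;
            *)  echo "REJECT unexpected top-level entry: $top" >&2
                return 1 ;;
        esac
    done
    [ "$seen" -eq 1 ] || { echo "REJECT empty listing" >&2; return 1; }
}

# check_spl: list the package without extracting it, then vet the names.
check_spl() {
    listing=$(tar -tf "$1") || { echo "REJECT unreadable archive: $1" >&2; return 2; }
    printf '%s\n' "$listing" | check_entries
}

# Constructed sample listings (not taken from a real package).
sample_good='DA-ITSI-ContentLibrary/
DA-ITSI-ContentLibrary/default/app.conf
DA-ITSI-CP-example/default/app.conf'
sample_bad='DA-ITSI-CP-example/default/app.conf
DA-ITSI-CP-example/../../outside.conf'

printf '%s\n' "$sample_good" | check_entries && echo "good listing: accepted"
printf '%s\n' "$sample_bad"  | check_entries || echo "bad listing: rejected"
```

Call check_spl with the path to the downloaded .spl file and extract only if it returns 0.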

Install the Splunk App for Content Packs on a distributed environment

You can install the Splunk App for Content Packs on any distributed Splunk Enterprise environment.

Where to install the Splunk App for Content Packs

| Splunk instance type | Supported | Required | Actions required |
|---|---|---|---|
| Search heads | Yes | Yes | Install the Splunk App for Content Packs on all search heads. Search heads have to be running a compatible version of Splunk Enterprise. For compatible versions, see the compatibility matrix. |
| Indexers | Yes | No | The Splunk App for Content Packs doesn't require indexers. |
| License master | Yes | No | The Splunk App for Content Packs doesn't require a license master component. |
| Heavy forwarders | Yes | No | The Splunk App for Content Packs doesn't contain a data collection component. |
| Universal forwarders | Yes | No | The Splunk App for Content Packs doesn't contain a data collection component. |

Install the Splunk App for Content Packs for ITSI or IT Essentials Work 4.8.x and below

The Data Integrations page, where you access the content packs, is only available for ITSI or IT Essentials Work 4.9.x and later. If you have a version of either ITSI or IT Essentials Work lower than 4.9, you have to download the content pack as a backup ZIP file and restore it using the backup/restore functionality. The ZIP files are embedded within the documentation in the installation steps of each content pack.

Last modified on 30 November, 2021
This documentation applies to the following versions of Splunk® App for Content Packs: 1.3.0, 1.4.0