Splunk® Enterprise Security

Install and Upgrade Splunk Enterprise Security

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Prerequisites

With all Splunk deployments you need to consider the use case and usage expectation of the system when planning your Splunk hardware capacity. Splunk performance and scalability is influenced by data volume, search quantity, search frequency, and search complexity. These factors, the deployment architecture, and hardware used for the deployment, will determine your success with Enterprise Security.

The Splunk App for Enterprise Security performs a large number of real-time and scheduled searches. These searches have an impact on the overall deployment performance.

In preparation for your deployment, you will need to:

1. Understand your use case and usage expectations

2. Identify your search head hardware capacity

3. Identify your indexer hardware requirements and capacity

4. Plan your installation

Be sure that you have gone through these planning steps, and fulfilled these requirements before you install the Splunk App for Enterprise Security 3.0 release.

Splunk Enterprise version

The Splunk App for Enterprise Security is dependent on the Splunk Enterprise platform, which must be installed and configured prior to installing and deploying the Splunk App for Enterprise Security.

The Splunk App for Enterprise Security 3.0.1 requires Splunk Enterprise version 6.0.2 or 6.1.x on all search heads and indexers.

Supported operating systems

The operating system refers to the system where the Splunk search head is used. The Splunk App for Enterprise Security runs on the search head and is limited to the following platforms:

  • CentOS 5,6 x86,x64
  • Other Linux x86, x84
  • Windows 2008 R2 x86, x64
  • Windows 2008 x86, x64
  • Windows 2003 x86, x64
  • Windows 7 x86, x64
  • MacOSX 10.6 and above, x64

The components that are distributed to the forwarders or indexers are supported across all supported operating systems as defined by the "System requirements" in the core Splunk product documentation.

Supported client operating systems

The client is the system that is used to connect to SplunkWeb via a web browser. The OSs that are supported include:

  • Windows 2008 R2 x86, x64
  • Windows 2008 x86, x64
  • Windows 2003 x86, x64
  • Windows 7 x86, x64
  • MacOSX 10.6 and above, x64

Supported browsers

  • Microsoft Internet Explorer 9, 10
  • Firefox latest (currently 25)
  • Chrome latest (currently 31)
  • Safari latest (currently 6)
Last modified on 13 April, 2016
Plan your deployment   Hardware requirements

This documentation applies to the following versions of Splunk® Enterprise Security: 3.0.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters