Splunk® Enterprise Security

Install and Upgrade Splunk Enterprise Security

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Install the Splunk App for Enterprise Security

The Splunk App for Enterprise Security is a premium app that you need to purchase separately from Splunk Enterprise. Once Splunk is installed, configured, and running, you can download and install the Splunk App for Enterprise Security.

The Splunk App for Enterprise Security includes an install and upgrade tool that assists with the installation process.

Important: To perform a manual install (or to install a distributed deployment), see "Manual upgrade steps" in this manual.

Get the Splunk App for Enterprise Security

1. Go to the download link for the Splunk App for Enterprise Security 3.0.

2. Click Download App and save the Splunk App for Enterprise Security Installer (splunk_app_installer_es-3.0.0-xxxxx.spl) to your desktop.

This is a Splunk Package file containing the Splunk Enterprise Security Install App. The SPL file is a form of TAR GZ.

Note: You must be logged into Splunk Apps with your Splunk.com ID and be a licensed customer to download the app. If you have issues, contact Splunk Support.

3. Use App > Manage Apps… > Install App from File to add the Enterprise Security Install App to your Splunk instance. Follow the instructions in this section to complete the installation steps.

The Enterprise Security Install App can be used:

Note: Users of the Splunk Enterprise Security Suite 1.1.x need to perform a clean install or upgrade to 2.2.x using an older installer. The current installer does not support upgrades from Splunk Enterprise Security Suite 1.1.x. Contact Splunk Support for more information.
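
Because the installer saved in step 2 is a gzip-compressed tar archive, its contents can be listed and checked before it is uploaded through Install App from File. The following Python sketch is an added example, not Splunk's code; the sample archive and its `constructed_app` member names are constructed for illustration and do not reflect the real installer's contents.

```python
import io
import sys
import tarfile


def audit_spl(fileobj):
    """List a .spl (gzip-compressed tar) without extracting it.

    Returns (top_level_names, findings); findings is a list of (kind, member_name).
    """
    top_level, findings = set(), []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for m in tar:
            parts = m.name.split("/")
            top_level.add(parts[0])
            if m.name.startswith("/") or ".." in parts:
                findings.append(("path-escape", m.name))
            if m.issym() or m.islnk():
                findings.append(("link", m.name))
            if m.mode & 0o6000:
                findings.append(("setuid-setgid", m.name))
    return sorted(top_level), findings


def build_sample(bad):
    """Constructed stand-in for a package; not the real installer's contents."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name, data=b"", mode=0o644, kind=tarfile.REGTYPE, link=""):
            ti = tarfile.TarInfo(name)
            ti.size, ti.mode, ti.type, ti.linkname = len(data), mode, kind, link
            tar.addfile(ti, io.BytesIO(data))
        add("constructed_app/default/app.conf", b"[launcher]\n")
        if bad:
            add("constructed_app/../../outside.conf", b"x")
            add("constructed_app/bin/helper", b"#!/bin/sh\n", mode=0o4755)
            add("constructed_app/local", kind=tarfile.SYMTYPE, link="/tmp")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Pass the downloaded .spl path as the first argument, or run on the sample.
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else build_sample(bad=True)
    names, issues = audit_spl(src)
    print("top-level entries:", names)
    for kind, name in issues:
        print(f"{kind}: {name}")
```

An empty findings list and a single expected top-level directory are what a well-formed app package should produce; anything else is worth resolving with the vendor before installing.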

First install of the Splunk App for Enterprise Security

After installing the app from the file (previous step), follow the steps in this section to use the Enterprise Security Install App to install the Splunk App for Enterprise Security for the first time.

For details about what is new in this release, see "Enhancements" in the Splunk App for Enterprise Security Release Notes.

Step 1. Launch the Splunk Enterprise Security Install App

With Splunk already running and while logged in as a Splunk administrator, navigate to the Enterprise Security Install App on the Splunk Home page.

Click the Enterprise Security Install App to launch it.

Step 2. Install the Splunk App for Enterprise Security

The Enterprise Security Install App shows that the Splunk App for Enterprise Security is not currently installed.

Click Install to begin the installation. A dialog box reminds you that you must restart Splunk to finish the installation. Click OK, then click Restart Splunk in the lower right corner of the screen.

Notice the steps for the install shown on the left-hand side of the panel.

Step 3. Re-Launch Enterprise Security Install App after Splunk restart

To confirm that Splunk has restarted, look at the following file: $SPLUNK_HOME/splunk/var/log/splunk/web_services.log. It displays progress messages for the restart process, including the completion of the restart.

When Splunk has restarted, click the "click here to continue" link and log in again.

Note: The Splunk App for Enterprise Security automatically enables SSL. The link to Splunk should already provide the correct protocol redirection (https). If you do not get redirected properly, check the protocol in your web browser (for example: https://localhost:8000).

The Enterprise Security Install App displays:

The Splunk App for Enterprise Security is up to date. Current version (version:3.0.0.build:xxxxx) is installed.

You will be notified of future updates.

Do not remove or disable the Enterprise Security Install App. The app will notify you of any updates to the Splunk App for Enterprise Security.

Navigate to Splunk Home. Click the Enterprise Security app.

Finish setup

The first time you open the Splunk App for Enterprise Security, you will see the Setup page.

Verify the settings on this page and click Save. You must restart Splunk for the configuration changes to be applied.

See "Hardware capacity planning for your Splunk deployment" in the core Splunk product documentation for more information about capacity planning.

See "Steps to configure" in this manual for details on configuring the Splunk App for Enterprise Security.

Click Enterprise Security to display the Enterprise Security Home page.

Last modified on 27 March, 2014

This documentation applies to the following versions of Splunk® Enterprise Security: 3.0

