Splunk® Enterprise Security

Install and Upgrade Splunk Enterprise Security

This documentation does not apply to the most recent version of Splunk® Enterprise Security. For documentation on the most recent version, go to the latest release.

Install the Splunk App for Enterprise Security

This topic describes how to use the Enterprise Security Install App to install the Splunk App for Enterprise Security.

Splunk App for Enterprise Security prerequisites

Review "Splunk Enterprise deployment planning" in this manual to validate the requirements for the Enterprise Security app before beginning the installation.

Step 1. Download the Splunk App for Enterprise Security

1. Download the latest Splunk App for Enterprise Security Install app.

2. Choose Download App and save the Splunk Enterprise Security Install App to your desktop.

Important: You must be logged into Splunk Apps with your Splunk.com ID and be a licensed Enterprise Security customer to download the app. If you have issues, contact Splunk Support.

3. On the search head, navigate to App > Manage Apps… > Install App from File to add the Install App to your Splunk Enterprise instance.

Important: The Install App and Enterprise Security will both enable SSL. You must change the Splunk URL to use https instead of http after installing the Install App or ES.

Step 2. Launch the Splunk Enterprise Security Install App

With Splunk already running and while logged in as a Splunk administrator, navigate to the Enterprise Security Install App on the Splunk Home page.

Click the Enterprise Security Install App to launch it.

Step 3. Install the Splunk App for Enterprise Security

The Enterprise Security Install App shows that the Splunk App for Enterprise Security is not currently installed.


Click Install to begin the installation. A dialog box reminds you that you must restart Splunk to finish the installation. Click OK, then click Restart Splunk in the lower right corner of the screen.

Notice the steps for the install shown on the left-hand side of the panel.

Step 4. Re-Launch Enterprise Security Install App after Splunk restart

When Splunk has restarted, click the "click here to continue" link and log in again.

Note: The Splunk App for Enterprise Security automatically enables SSL. The link to Splunk should already provide the correct protocol redirection (https). If you do not get redirected properly, check the protocol in your web browser (for example: https://localhost:8000).


The Enterprise Security Install App displays:

    Splunk App for Enterprise Security is up to date. 
    Current version (version:3.1.x, build:xxxx) is installed.
    You will be notified of future updates. 

Important: Do not remove or disable the Enterprise Security Install App. The Install app will notify you of any updates to the Splunk App for Enterprise Security.

Step 5. Finalize the app setup

1. From Home, choose the Enterprise Security app.

2. Choose Continue to app setup page on the App configuration dialog.

Important: If the setup procedure is not run after the upgrade is performed, errors may display on some Enterprise Security dashboards.

3. Verify the settings on the Splunk App for Enterprise Security Setup page.

4. Choose Save. The Enterprise Security configure page appears.

5. Choose Enterprise Security to display the Enterprise Security Home page.



Step 6. Configure Enterprise Security

See "Steps to configure" in this manual for details on configuring the Splunk App for Enterprise Security.
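
The notes in Step 1 and Step 4 say the install switches Splunk Web to https. The following added example (not part of the original Splunk documentation and not Splunk's own tooling) checks that from configuration by reading the `enableSplunkWebSSL` setting in the `[settings]` stanza of one or more web.conf files. Which web.conf files you pass is an assumption about your deployment, the function name `splunkweb_ssl_state` is hypothetical, and the check reads only explicit `[settings]` entries rather than reproducing Splunk's full configuration layering.

```shell
#!/bin/sh
# Added example (not Splunk tooling). Prints enabled, disabled or unset for
# enableSplunkWebSSL. Pass web.conf files lowest precedence first; with no
# arguments the configuration is read from stdin.
splunkweb_ssl_state() {
    awk '
        FNR == 1      { in_settings = 0 }     # stanza context does not carry across files
        /^[ \t]*#/    { next }                # comment line
        /^[ \t]*$/    { next }                # blank line
        /^[ \t]*\[/   { in_settings = ($0 ~ /^[ \t]*\[settings\][ \t\r]*$/); next }
        in_settings && /^[ \t]*enableSplunkWebSSL[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)     # keep the text after "="
            sub(/[ \t\r]*$/, "", val)         # trim trailing blanks and CR
            val = tolower(val)
            # Only "true" and "1" count as on; anything else is reported as
            # disabled so that an unexpected value gets looked at.
            state = (val == "true" || val == "1") ? "enabled" : "disabled"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$@"
}

# Constructed sample input, not taken from a real deployment.
splunkweb_ssl_state <<'EOF'
[settings]
httpport = 8000
enableSplunkWebSSL = true
EOF
```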

Last modified on 13 November, 2014

This documentation applies to the following versions of Splunk® Enterprise Security: 3.1, 3.1.1

