Install the Splunk Enterprise Security Content Update Subscription Service
- Check that your environment meets the Prerequisites.
- Plan your installation.
- Install ESCU using Splunk Web or Install ESCU from a downloaded file.
- Add the Analytic Story Detail view to your instance of Splunk Enterprise Security.
Prerequisites
| Operating system | Linux/Windows |
| Splunk Enterprise | Supports version 7.0 or later |
| Splunk Cloud | Supported |
| Splunk Enterprise Security | Supports version 4.7.0 or later |
Plan your installation
Use the tables below to determine where and how to install Splunk Enterprise Security Content Update (Splunk ESCU) on your deployment of Splunk Enterprise Security (Splunk ES).
Distributed installation of this add-on
Use the table to determine where to install ESCU in a Splunk Enterprise Security distributed deployment.
| Splunk instance type | Supported | Comments |
|---|---|---|
| Search Heads | Yes | Install ESCU on the Enterprise Security search head. |
| Indexers | No | ESCU does not contain indexes or index-time transformations. |
| Forwarders | No | ESCU does not contain inputs for forwarder data collection. |
Distributed deployment feature compatibility
Use the table to check the compatibility of ESCU with Splunk Enterprise distributed deployment features.
| Distributed deployment feature | Supported | Comments |
|---|---|---|
| Search Head Clusters | Yes | Use the search head cluster deployer to distribute ESCU across search head cluster members. See Install an add-on in a distributed Splunk Enterprise deployment in the Splunk Add-ons documentation. |
| Indexer Clusters | No | ESCU does not contain indexes or index-time transformations. |
| Deployment Server | No | ESCU does not contain inputs for forwarder data collection. |
Install ESCU using Splunk Web
- Log in to Splunk Web on your Splunk Enterprise Security search head.
- From the Splunk Web home page, click the Apps gear icon.
- Click Browse more apps.
- On the Browse more apps page, locate the Splunk ES Content Update in the list.
- Provide your splunk.com credentials.
- Accept the license terms.
- Click Login and Install.
- Click Done.
- Restart Splunk services to complete the installation.
Install ESCU from a downloaded file
- Log in to splunkbase.splunk.com.
- Download Splunk ES Content Update and save it to an accessible location on your system.
- Log in to Splunk Web on your Splunk Enterprise Security search head.
- On the Splunk Enterprise menu bar, open Searching and Reporting > App and select Manage Apps.
- On the Apps page, click Install App from file.
- On the Upload app page, click the Choose file button to locate the Splunk ES Content Update file.
- Click Upload.
- Click Done.
Add the Analytic Story Detail view to your instance of Splunk Enterprise Security
Use the Navigation editor to add the Analytic Story Detail view to your Splunk Enterprise Security menu bar. See Customize the menu bar in Splunk Enterprise Security in Administer Splunk Enterprise Security for details.
This documentation applies to the following versions of Splunk® Enterprise Security Content Update: 3.30.0, 3.31.0, 3.32.0, 3.33.0, 3.34.0, 3.35.0, 3.36.0, 3.37.0, 3.38.0, 3.39.0, 3.40.0, 3.41.0, 3.42.0, 3.43.0, 3.44.0, 3.45.0, 3.46.0, 3.47.0, 3.48.0, 3.49.0, 3.50.0, 3.51.0, 3.52.0, 3.53.0, 3.54.0, 3.55.0, 3.56.0, 3.57.0, 3.58.0, 3.59.0, 3.60.0, 3.61.0, 3.62.0, 3.63.0, 3.64.0, 4.0.0, 4.0.1, 4.1.0, 4.2.0, 4.3.0, 4.4.0, 4.5.0, 4.6.0, 4.7.0, 4.8.0, 4.9.0, 4.10.0, 4.11.1, 4.12.0, 4.13.0, 4.14.0, 4.15.0, 4.16.0, 4.17.0, 4.18.0, 4.19.0, 4.20.0, 4.21.0, 4.22.0, 4.23.0, 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, 4.29.0, 4.30.0, 4.31.0, 4.31.1, 4.32.0, 4.33.0, 4.34.0, 4.35.0, 4.36.0, 4.37.0, 4.38.0, 4.39.0, 4.40.0, 4.41.0, 4.42.0, 4.43.0
Download manual
Feedback submitted, thanks!