Splunk® IT Essentials Work


Install Splunk IT Essentials Work

To access and install IT Essentials Work, Splunk Cloud Platform customers need to file a case using the Splunk Support Portal at Support and Services or contact Splunk Customer Support. On-premises customers can install the IT Essentials Work app on single-instance and distributed deployments.

Install IT Essentials Work on Splunk Cloud Platform

This app isn't yet available for self-service installation on Splunk Cloud Platform. File a Cloud App Request to install IT Essentials Work on your Splunk Cloud Platform deployment using the Splunk Support Portal at Support and Services or contact Splunk Customer Support.

Install IT Essentials Work on a single, on-premises instance

At this time, you can't install IT Essentials Work from the Splunk Web interface.

IT Essentials Work is available on Splunkbase. Follow these steps to install the IT Essentials Work app on a single, on-premises instance:

  1. Download the IT Essentials Work app from Splunkbase.
  2. Put the downloaded file it-essentials-work_<latest_version>.spl into $SPLUNK_HOME/etc/apps.
  3. Stop your Splunk platform deployment. For example:
    cd $SPLUNK_HOME/bin
    ./splunk stop
    
  4. Extract the installation package into $SPLUNK_HOME/etc/apps. For example:
    tar -xvf it-essentials-work_<latest_version>.spl -C $SPLUNK_HOME/etc/apps
    

    On Windows, rename the file extension from .spl to .tgz first and use a third-party utility to perform the extraction.

  5. Start your Splunk platform deployment. For example:
    cd $SPLUNK_HOME/bin
    ./splunk start
    

Install IT Essentials Work in a search head cluster environment

Follow these steps to set up IT Essentials Work in a search head cluster environment.

If you install IT Essentials Work in an existing search head cluster environment that has other apps deployed already, you have to follow all of the steps in this section. Don't delete or remove any existing content in the $SPLUNK_HOME/etc/shcluster/apps folder.

1. Install IT Essentials Work in a search head cluster environment

To install IT Essentials Work on a search head cluster, perform the following steps:

  1. Log in to splunk.com with your credentials.
  2. Download the latest version of IT Essentials Work from Splunkbase.
  3. On the deployer, extract the IT Essentials Work installation package into $SPLUNK_HOME/etc/shcluster/apps. For example:
    tar -xvf splunk-it-essentials-work_<latest_version>.spl -C $SPLUNK_HOME/etc/shcluster/apps
    
  4. From the deployer, run the following command to deploy IT Essentials Work to the cluster members:
    splunk apply shcluster-bundle
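
A pre-extraction check for the tar steps above (single instance and deployer), as an added example that is not part of the Splunk documentation: it lists the package without extracting it, rejects member paths that would escape the apps directory, and reports which top-level app directories already exist in the target. The function names and the sample package are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Splunk's tooling): pre-flight checks for a .spl package
# before extracting it into an apps directory. A .spl file is a gzipped tar.

# Read member names on stdin; print those that would land outside the target
# directory (absolute paths or any ".." path component).
unsafe_members() {
    grep -E '^/|(^|/)\.\.(/|$)' || true
}

# Read member names on stdin; print the distinct top-level directories.
top_level_dirs() {
    sed -e 's#^\./##' -e 's#/.*##' | grep -Ev '^\.?$' | sort -u
}

# preflight_spl ARCHIVE APPS_DIR
# Returns 2 if the archive is unreadable, 1 if it has unsafe members, else 0
# after printing "NEW <dir>" or "EXISTS <dir>" for each top-level directory.
preflight_spl() {
    archive=$1
    apps_dir=$2
    listing=$(tar -tf "$archive") || { echo "ERROR cannot read $archive" >&2; return 2; }
    unsafe=$(printf '%s\n' "$listing" | unsafe_members)
    if [ -n "$unsafe" ]; then
        printf '%s\n' "$unsafe" | sed 's/^/UNSAFE /'
        return 1
    fi
    printf '%s\n' "$listing" | top_level_dirs | while IFS= read -r dir; do
        if [ -e "$apps_dir/$dir" ]; then echo "EXISTS $dir"; else echo "NEW $dir"; fi
    done
}

# Build a constructed sample package (not a real Splunk package) under $1.
make_sample_spl() {
    mkdir -p "$1/src/SA-IndexCreation/default" "$1/src/SA-UserAccess/default"
    echo '# constructed' > "$1/src/SA-IndexCreation/default/indexes.conf"
    echo '# constructed' > "$1/src/SA-UserAccess/default/app.conf"
    tar -czf "$1/sample.spl" -C "$1/src" SA-IndexCreation SA-UserAccess
}
```

Run `preflight_spl` with the downloaded .spl file and the target apps directory ($SPLUNK_HOME/etc/apps, or $SPLUNK_HOME/etc/shcluster/apps on the deployer) before the tar command. An `EXISTS` line means extraction would write into a directory that is already there.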

2. Configure indexers and license masters

The IT Essentials Work installation package places all IT Essentials Work directories in $SPLUNK_HOME/etc/apps. Perform the following steps to set up indexers and license masters:

  1. Copy SA-IndexCreation found in the $SPLUNK_HOME/etc/apps/ directory to the same directory on all individual indexers in your environment.
  2. Install SA-ITSI-Licensechecker and SA-UserAccess on all license masters in your cluster. If a search head in your environment is also a license master, the license master components are installed when you install IT Essentials Work on the search heads.

3. Configure search heads and cluster members to forward data to indexers

In a search head cluster environment, configure search heads to forward data. For more information, see Best practice: Forward search head data to the indexer layer in the Splunk Enterprise Distributed Search manual.

4. (Optional) Migrate an existing search head to a search head cluster

You can't add a standalone IT Essentials Work search head or search head pool member to a search head cluster. To migrate IT Essentials Work configurations to a search head cluster, perform the following steps:

  1. Identify any custom configurations and modifications in the prior IT Essentials Work installation. Check to make sure there is no local copy of settings.conf that might conflict with the default file when you deploy IT Essentials Work to the cluster.
  2. Configure and start a search head cluster. For more information, see Deploy a search head cluster in the Splunk Enterprise Distributed Search manual.
  3. Deploy the latest version of IT Essentials Work on the search head cluster.
  4. Review and migrate the customized configurations to the search head cluster deployer for replication to the cluster members.
  5. Shut down the old IT Essentials Work search head.

For more information, see the topic Migrate settings from a standalone search head to a search head cluster in the Splunk Enterprise Distributed Search manual.

For assistance in planning a Splunk IT Essentials Work deployment migration, contact Splunk Services.

5. Configure data collection

You can collect data from Linux, Mac OS X, and Windows hosts, Kubernetes and OpenShift clusters, Docker containers, and VMware vCenter Servers. If you installed and configured the Splunk Add-on for Amazon Web Services on a heavy forwarder, you can also collect data from your AWS accounts. For more information, see Overview of entity integrations in ITSI.

Install IT Essentials Work in a distributed environment

You can install IT Essentials Work in any distributed Splunk Enterprise environment.

Where to install IT Essentials Work

| Splunk instance type | Supported | Required | Actions required |
| --- | --- | --- | --- |
| Search heads | Yes | Yes | Install IT Essentials Work on all search heads. Search heads must be running a compatible version of Splunk Enterprise. For compatible versions, see the Splunk products version compatibility matrix. |
| Indexers | Yes | Yes | SA-IndexCreation is required on all indexers. For non-clustered distributed environments, copy SA-IndexCreation to $SPLUNK_HOME/etc/apps/ on individual indexers. Indexers must be running a compatible version of Splunk Enterprise. For compatible versions, see the Splunk products version compatibility matrix. |
| License master | Yes | Yes | Install SA-ITSI-Licensechecker and SA-UserAccess on any license master in a distributed or search head cluster environment. If a search head in your environment is also a license master, the license master components are installed when you install ITSI on the search heads. |
| Heavy forwarders | Yes | No | The properties and transforms in SA-IndexCreation are required on heavy forwarders. Install the SA-ITSI-Licensechecker on any heavy forwarder. |
| Universal forwarders | Yes | No | IT Essentials Work doesn't contain a data collection component. |

Alongside IT Service Intelligence

IT Essentials Work can't be installed on the same search head or search head cluster as ITSI.

Last modified on 30 November, 2021

This documentation applies to the following versions of Splunk® IT Essentials Work: 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only

