Splunk® Phantom Remote Search

Splunk Phantom Remote Search

Acrobat logo Download manual as PDF


Splunk Phantom Remote Search has been replaced by Splunk App for SOAR.
Acrobat logo Download topic as PDF

Install and upgrade the Splunk Phantom Remote Search app

Install the Splunk Phantom Remote Search app on your Splunk search heads or search head clusters, and on your indexers. Installing the Splunk Phantom Remote Search app adds the necessary Splunk Phantom roles and indexes to your Splunk server.

Use the tables below to determine where and how to install the Splunk Phantom Remote Search app in a Splunk Enterprise deployment.

Where to install the app in a distributed deployment

Use the table to determine where to install the app in a Splunk Enterprise distributed deployment.

Splunk instance type Can the app be installed here? Comments
Search Heads Yes Install this app on the search head.
Indexers Yes The app contains indexes or index-time transformations.
Forwarders No The app does not contain inputs for forwarder data collection.

Distributed deployment compatibility

Use the table to check the compatibility of the app with Splunk Enterprise distributed deployment features.

Distributed deployment feature Supported Comments
Search Head Clusters Yes Use the search head cluster deployer to distribute apps across search head cluster members. See Use the deployer to distribute apps and configuration updates in the Splunk Enterprise Distributed Search manual.
Indexer Clusters Yes The app contains indexes or index-time transformations.
Deployment Server No The app does not contain inputs for forwarder data collection.

Install or upgrade the app using Splunk Web

  1. Log in to the Splunk Enterprise search head.
  2. On the Applications menu, scroll to the bottom and select Find More Apps.
  3. On the Browse more apps page, locate the app in the list, or type the name in the search box.
  4. Provide your splunk.com credentials.
  5. Accept the license terms.
  6. (Optional) Click Upgrade app if you want to overwrite the existing installation.
  7. Click Login and Install.
  8. Click Done.

Install or upgrade the app from a downloaded file

  1. Log in to splunkbase.splunk.com.
  2. Download the Splunk Phantom Remote Search app and save it to an accessible location.
  3. Log in to the Splunk Enterprise search head.
  4. On the Applications menu, select the Mange Apps (The manage apps icon) icon.
  5. On the Apps page, click Install app from file.
  6. On the Upload app page, click the Choose file button to locate the app.
  7. (Optional) Click Upgrade app to overwrite the existing installation.
  8. Click Upload.
  9. Click Done.
Last modified on 28 May, 2021
PREVIOUS
About the Splunk Phantom Remote Search app 		  NEXT
Connect to a standalone Splunk instance

This documentation applies to the following versions of Splunk® Phantom Remote Search: 1.0.17

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters