Can anyone confirm that the OPSEC add-on can be installed on a Search Head cluster when using only the knowledge objects part of the add-on?

ikulcsar
Communicator

Hi,

We are planning to implement an SH cluster. We also use the OPSEC LEA Add-on for firewall log collection. The docs say: Search Head Clusters NOT supported (http://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Install).

Can anyone confirm that the OPSEC add-on can be installed on an SH cluster when using only the knowledge objects part of the add-on? The scripted inputs are handled on HFs.

Regards,
Istvan

0 Karma
1 Solution

jkat54
SplunkTrust

Sure, absolutely, but you’ll have to pull out whatever you need and put it in a shell app.

iirc, the opseclea app has scripted inputs that further extend its capabilities. You’ll want to disable all of that stuff and test in a lower environment if possible.

0 Karma

ikulcsar
Communicator

Hi,

Thanks for your answer.

"pull out whatever you need and put it in a shell app": do you mean I have to collect all the needed conf files, exclude the inputs, put them into a new app, and then install the new app into the SH cluster?

If I understand you correctly, you have not installed OPSEC LEA, but have already installed a similar app into an SH cluster?

Regards,
István

0 Karma

jkat54
SplunkTrust
  1. We almost never install modular input apps on SHCs.
  2. Refer to the documentation for instructions for installing in an SHC.

http://docs.splunk.com/Documentation/AddOns/released/OPSEC-LEA/Install#Where_to_install_this_add-on

0 Karma
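
The approach discussed in this thread (collect the needed conf files, leave the inputs out, install the result as a new app), as an added example that is not part of any post above and is not Splunk's or the add-on's own tooling. The conf file list, the `TA_example` and `SA_example_knowledge` directory names and the sample file contents are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example. The conf list is an assumption: compare it with the add-on's default/.
SEARCH_TIME_CONFS="app.conf props.conf transforms.conf eventtypes.conf tags.conf macros.conf fields.conf"

# build_shell_app <addon_dir> <shell_app_dir>
# Copies search-time knowledge objects only; bin/, local/ and inputs.conf stay behind.
build_shell_app() {
    src=$1; dest=$2
    [ -d "$src/default" ] || { echo "no default/ in $src" >&2; return 1; }
    mkdir -p "$dest/default" "$dest/metadata"
    for f in $SEARCH_TIME_CONFS; do
        if [ -f "$src/default/$f" ]; then cp "$src/default/$f" "$dest/default/$f"; fi
    done
    if [ -d "$src/lookups" ]; then cp -R "$src/lookups" "$dest/lookups"; fi
    if [ -f "$src/metadata/default.meta" ]; then
        cp "$src/metadata/default.meta" "$dest/metadata/default.meta"
    fi
    return 0
}

# verify_shell_app <shell_app_dir>: non-zero if anything input-related came along.
verify_shell_app() {
    app=$1
    if [ -d "$app/bin" ]; then echo "bin/ present in $app" >&2; return 1; fi
    if find "$app" -name 'inputs.conf*' | grep -q .; then
        echo "inputs.conf present in $app" >&2; return 1
    fi
    # Input stanzas look like [script://...] or [<scheme>://...]
    if grep -rqE '^\[[A-Za-z0-9_]+://' "$app"; then
        echo "input stanza found in $app" >&2; return 1
    fi
    return 0
}

# Constructed sample add-on layout (not the real OPSEC LEA add-on contents).
make_sample_addon() {
    mkdir -p "$1/default" "$1/bin" "$1/lookups" "$1/metadata"
    printf '[script://./bin/collect.sh]\ninterval = 60\n' > "$1/default/inputs.conf"
    printf '[example:firewall]\nREPORT-kv = example_kv\n' > "$1/default/props.conf"
    printf '[example_kv]\nDELIMS = "|", "="\n' > "$1/default/transforms.conf"
    printf 'action,vendor_action\nallowed,accept\n' > "$1/lookups/example_action.csv"
    printf '#!/bin/sh\n' > "$1/bin/collect.sh"
    printf '[]\nexport = system\n' > "$1/metadata/default.meta"
}

work=$(mktemp -d)
make_sample_addon "$work/TA_example"
build_shell_app "$work/TA_example" "$work/SA_example_knowledge"
verify_shell_app "$work/SA_example_knowledge" && echo "OK: $work/SA_example_knowledge"
```

Running `verify_shell_app` against the original add-on directory fails, which makes it usable as a pre-deployment check on anything staged for the search head cluster.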