All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Installation of SOAR on different linux version

biwanari
Explorer
‎07-16-2024 08:03 AM

Hello everyone,

My problem is as follows:

I need to install Splunk Soar on my home laboratory.
Now seeing that the versions are compatible with Centos7/8 which are deprecated, the moment I launch soar-installer or the soar-prepare-installer file, problems arise. Now since I have searched community and web but no luck.

Is there a possibility to install SOAR on ubuntu? Also it is true that Amazon Linux 2 and RHEL is recommended, but is it possible that there is no way to install SOAR on other linux distribution?

Thank you,
biwanari

Labels (2)
Labels
Tags (3)
0 Karma
Reply

marnall
Motivator
‎07-21-2024 11:40 AM

Indeed, SOAR on-prem is in an awkward situation for OS support. SOAR on-prem only supports Amazon Linux 2, RHEL, or the end-of-support CENTOS.

The SOAR automation broker runs on Debian, but that only helps you if you are using the Cloud version of SOAR.

I believe there was some chatter in the #SOAR usergroup about adding support for 2 other CENTOS-related linux distros, but it's not there yet.

You probably could get SOAR running on a distro similar to CENTOS, but you'd have to spend more time tinkering to get it working.

0 Karma
Reply

biwanari
Explorer
‎07-21-2024 12:29 PM

Yes, finally by getting my hands dirty on RHEL8 I was able to install soar. I hope Splunk takes measures because next year rhel8 reaches EOL and that will become an issue to take the certification as well.

I read on reddit about people who modified the soar files to install it on centos-like systems, but it takes a lot of time.

Having said that I hope they take action because such a situation is not possible.

I hope this post will be read by people who have had the same problem as me so I can help them ae write to me on this post.

Greetings,
Andrew

0 Karma
Reply

alwinhb
New Member
‎01-16-2025 10:57 PM

@biwanari  Can you help me with the steps of installation of Splunk Soar <Free Trial/UN-Privileged> in RHEL Version 9

0 Karma
Reply

biwanari
Explorer
‎01-17-2025 12:04 AM

Could you be more specific?

I suggest you to install on RHEL8 because SOAR does not officially support RHEL9.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...