All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Installation of SOAR on different linux version

biwanari
Explorer
‎07-16-2024 08:03 AM

Hello everyone,

My problem is as follows:

I need to install Splunk Soar on my home laboratory.
Now seeing that the versions are compatible with Centos7/8 which are deprecated, the moment I launch soar-installer or the soar-prepare-installer file, problems arise. Now since I have searched community and web but no luck.

Is there a possibility to install SOAR on ubuntu? Also it is true that Amazon Linux 2 and RHEL is recommended, but is it possible that there is no way to install SOAR on other linux distribution?

Thank you,
biwanari

Labels (2)
Labels
Tags (3)
0 Karma
Reply

marnall
Motivator
‎07-21-2024 11:40 AM

Indeed, SOAR on-prem is in an awkward situation for OS support. SOAR on-prem only supports Amazon Linux 2, RHEL, or the end-of-support CENTOS.

The SOAR automation broker runs on Debian, but that only helps you if you are using the Cloud version of SOAR.

I believe there was some chatter in the #SOAR usergroup about adding support for 2 other CENTOS-related linux distros, but it's not there yet.

You probably could get SOAR running on a distro similar to CENTOS, but you'd have to spend more time tinkering to get it working.

0 Karma
Reply

biwanari
Explorer
‎07-21-2024 12:29 PM

Yes, finally by getting my hands dirty on RHEL8 I was able to install soar. I hope Splunk takes measures because next year rhel8 reaches EOL and that will become an issue to take the certification as well.

I read on reddit about people who modified the soar files to install it on centos-like systems, but it takes a lot of time.

Having said that I hope they take action because such a situation is not possible.

I hope this post will be read by people who have had the same problem as me so I can help them ae write to me on this post.

Greetings,
Andrew

0 Karma
Reply

alwinhb
New Member
‎01-16-2025 10:57 PM

@biwanari  Can you help me with the steps of installation of Splunk Soar <Free Trial/UN-Privileged> in RHEL Version 9

0 Karma
Reply

biwanari
Explorer
‎01-17-2025 12:04 AM

Could you be more specific?

I suggest you to install on RHEL8 because SOAR does not officially support RHEL9.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...