As the title says, I installed the PUR app on ES and non-ES SHs. The app did run and return results on non-ES SH but not on ES SH.
Can somebody please explain what might be the potential reason behind this or how I can fix this ?
Hi
Are you using this https://splunkbase.splunk.com/app/5483/ or the older one?
If I recall right the older's description said that it cannot run against ES or ITSI. The newer said it little bit differently, that it maybe cannot scan big applications. So this is known limitations for ensuring compatibility of ES. Anyhow you can check that compatibility from Splunk documentations and then select and update ES version which is supported.
r. Ismo