also i tried to scp the .tgz file from my local folder to the virtual server so i can untar and install it there but was getting "permission denied" error (screenshot attached). can you help pls.

Use chmod to set the permissions.

You do not need any apps or add-ons to use the BOTS data set.

hi @richgalloway ,

so i was able to install botsv3 but got this error after restarting and splunkd stopped running. pls how can i solve this cos i can see am almost there. thanxx.

homePath='/opt/splunk/etc/apps/botsv3_data_set/var/lib/splunk/botsv3/db' of index=botsv3 on unusable filesystem.

Validating databases (splunkd validatedb) failed with code '1'

attached is the screenshot,

You'll need to fix the filesystem on which the botsv3 index is stored.  Perhaps it's in read-only mode or maybe the permissions on the botsv3 directory are incorrect.

ok lemme try that. Thanks for your time.

It's out of scope of this forum I'm afraid. It's not that I don't want to help you out here but you obviously have problems with most basic unix CLI operations so it's better that you train somewhere else than if I give you a copy-paste solution which you can mistype and break your whole installation.

Find some basic unix/linux CLI tutorial and start from there.

i dont understand . i already have a good hand in linux. If i could deploy a fully clustered splunk environment then i dont think i need basic linux training. But its ok if you say so. thanxx.

Sorry, mate, but it seems so.

From the screenshots you provided it seems that you're trying to "run" your home directory and your scp syntax is wrong (use man scp to read about it). It's not an insult. It's just pointing out that you're missing the basics.

hey bro do i need to download and install all the app/add -on before installing the BOTS v3? Cos i decided not to download the ones that had to do with microsoft and windows since am using Mac.

hi @richgalloway thanxx bro i seen it in v3.