Splunk Enterprise Security

Can I install Extreme Search without Splunk Enterprise Security?

noybin
Communicator

Can I install and use Extreme Search without Enterprise Security?

If yes, where should it be installed (Search Head, Indexers)?

Any recommendations to consider?

Thank you very much.

1 Solution

ChrisG
Splunk Employee

It is part of Splunk Enterprise Security now, as you mentioned. So I guess the answer to your question is really "no, you can't use extreme search without Enterprise Security." 😕

jdeer0618
Explorer

Can't hurt to ask your sales rep or SE if you have one. They might be able to hook you up with Extreme Search as a standalone app.

0 Karma

noybin
Communicator

So what about the comment from the Extreme Search Visualization app that says:
"It is not necessary to use the XSV app or the Splunk App for Enterprise Security to use Extreme Search. Since Extreme Search is implemented as a set of extensions to Splunk's search language, it is available to any Splunk app."?

0 Karma

starcher
Influencer

If you are an ES customer or can get your rep to provide XS, you can install it. There is no actual dependence from an install standpoint on ES. Many ES customers use it on other search heads once they have it via their ES license.

0 Karma

ChrisG
Splunk Employee

I think that comment is outdated? It used to be true and it no longer is. Scianta's web site says "Extreme Search for Splunk is now owned and supported by Splunk Inc. It currently ships as part of the Splunk App for Enterprise Security."

0 Karma

gjanders
SplunkTrust

The application still has python files and the various commands such as xsvcreateconcept so I thought it would work. I have not tested it yet though...

0 Karma

gjanders
SplunkTrust

As per the Extreme Search Visualisation page:

"It is not necessary to use the XSV app or the Splunk App for Enterprise Security to use Extreme Search. Since Extreme Search is implemented as a set of extensions to Splunk's search language, it is available to any Splunk app."

Just install the application on your search head.

0 Karma

noybin
Communicator

Thank you!

0 Karma

ChrisG
Splunk Employee

That is just the visualization support. Extreme Search itself is no longer available as a separate app.

0 Karma

noybin
Communicator

So how can I use Extreme Search then?

0 Karma