Splunk Enterprise Security

Can I install Extreme Search without Splunk Enterprise Security?

noybin
Communicator

Can I install and use Extreme Search without Enterprise Seurity?

If yes, where should be installed (Search Head, Indexers)?

Any recommendations to consider?

Thank you very much.

1 Solution

ChrisG
Splunk Employee
Splunk Employee

It is part of Splunk Enterprise Security now, as you mentioned. So I guess the answer to your question is really "no, you can't use extreme search without Enterprise Security." 😕

View solution in original post

jdeer0618
Explorer

Can't hurt to ask your sales rep or SE if you have one. They might be able to hook you up with Extreme Search as a standalone app.

0 Karma

ChrisG
Splunk Employee
Splunk Employee

It is part of Splunk Enterprise Security now, as you mentioned. So I guess the answer to your question is really "no, you can't use extreme search without Enterprise Security." 😕

noybin
Communicator

So What about the comment from the Extreme Search Visualization app that says:
"It is not necessary to use the XSV app or the Splunk App for Enterprise Security to use Extreme Search. Since Extreme Search is implemented as a set of extensions to Splunk's search language, it is available to any Splunk app."?

0 Karma

starcher
Influencer

If you are an ES customer or can get your rep to provide XS you can install it. There is no actual dependance from an install standpoint on ES. Many ES customers use it on other search heads once they have it via their ES license.

0 Karma

ChrisG
Splunk Employee
Splunk Employee

I think that comment is outdated? It used to be true and it no longer is. Scianta's web site says "Extreme Search for Splunk is now owned and supported by Splunk Inc. It currently ships as part of the Splunk App for Enterprise Security."

0 Karma

gjanders
SplunkTrust
SplunkTrust

The application still has python files and the various commands such as xsvcreateconcept so I thought it would work. I have not tested it yet though...

0 Karma

gjanders
SplunkTrust
SplunkTrust

As per the Extreme Search Visualisation page

It is not necessary to use the XSV app
or the Splunk App for Enterprise
Security to use Extreme Search. Since
Extreme Search is implemented as a set
of extensions to Splunk's search
language, it is available to any
Splunk app.

Just install the application on your search head,

0 Karma

noybin
Communicator

Thank you!

0 Karma

ChrisG
Splunk Employee
Splunk Employee

That is just the visualization support. Extreme Search itself is no longer available as a separate app.

0 Karma

noybin
Communicator

So how can I use Extreme search then?

0 Karma
Get Updates on the Splunk Community!

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...