It is part of Splunk Enterprise Security now, as you mentioned. So I guess the answer to your question is really "no, you can't use extreme search without Enterprise Security." 😕
It is part of Splunk Enterprise Security now, as you mentioned. So I guess the answer to your question is really "no, you can't use extreme search without Enterprise Security." 😕
So What about the comment from the Extreme Search Visualization app that says: "It is not necessary to use the XSV app or the Splunk App for Enterprise Security to use Extreme Search. Since Extreme Search is implemented as a set of extensions to Splunk's search language, it is available to any Splunk app."?
If you are an ES customer or can get your rep to provide XS you can install it. There is no actual dependance from an install standpoint on ES. Many ES customers use it on other search heads once they have it via their ES license.
I think that comment is outdated? It used to be true and it no longer is. Scianta's web site says "Extreme Search for Splunk is now owned and supported by Splunk Inc. It currently ships as part of the Splunk App for Enterprise Security."
The application still has python files and the various commands such as xsvcreateconcept so I thought it would work. I have not tested it yet though...
It is not necessary to use the XSV app
or the Splunk App for Enterprise
Security to use Extreme Search. Since
Extreme Search is implemented as a set
of extensions to Splunk's search
language, it is available to any
Splunk app.
