Splunk Enterprise Security

Config problem with Enterprise Security 3.0.2 on: Encounterd the following error 'localapps'

dave3131
Engager

A bit of a snag in the upgrade and install of a fresh ES 3.0.2 on Splunk 6.0.3. After the install, you have to configure the app. After you hit save you'll get:

Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=\/servicesNS\/nobody\/SplunkEnterpriseSecuritySuite\/admin\/enterprise_security_suite/general_settings

0 Karma
1 Solution

dave3131
Engager

Here is how to get around it:

cd to:

~/etc/apps/SplunkEnterpriseSecuritySuite

Create a local dir and copy app.conf from default dir (at the same level) to your newly created local directory.

vi/edit the file and change is_configured to true.

Then restart splunk.

View solution in original post

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

Hi Dave,

ES 3.0.2 hasn't been released, are you sure about that version number?

0 Karma

dave3131
Engager

Here is how to get around it:

cd to:

~/etc/apps/SplunkEnterpriseSecuritySuite

Create a local dir and copy app.conf from default dir (at the same level) to your newly created local directory.

vi/edit the file and change is_configured to true.

Then restart splunk.

0 Karma
Get Updates on the Splunk Community!

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...