A bit of a snag in the upgrade and install of a fresh ES 3.0.2 on Splunk 6.0.3. After the install, you have to configure the app. After you hit save you'll get:
Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=\/servicesNS\/nobody\/SplunkEnterpriseSecuritySuite\/admin\/enterprise_security_suite/general_settings
Here is how to get around it:
cd to:
~/etc/apps/SplunkEnterpriseSecuritySuite
Create a local dir and copy app.conf from default dir (at the same level) to your newly created local directory.
vi/edit the file and change is_configured to true.
Then restart splunk.
Hi Dave,
ES 3.0.2 hasn't been released, are you sure about that version number?
Here is how to get around it:
cd to:
~/etc/apps/SplunkEnterpriseSecuritySuite
Create a local dir and copy app.conf from default dir (at the same level) to your newly created local directory.
vi/edit the file and change is_configured to true.
Then restart splunk.