Solved: Does Splunk ES need the add-on and app or just the...

mikefg · ‎12-22-2020

Working on a new ES install. Does the ES search head need the app and add-on for each technology or just the add-on? Does it matter if the app and add-on are both installed?

lkutch_splunk · ‎12-23-2020

... so you would have to download the ones that you need from Splunkbase instead.

View solution in original post

richgalloway · ‎12-23-2020

ES doesn't exist without the app so it must be installed. As part of the installation process, you will be asked to choose the add-ons you need.

---
If this reply helps you, Karma would be appreciated.

mikefg · ‎12-23-2020

I understand that the ES app itself is needed, my question is about the rest of the technologies; firewalls, etc. As I understand it I only need to install the add-on for these on the ES search head and not the app, unless I want to use the app on the ES search head, correct?

I went through the install and I don't remember a step asking me about choosing add-ons. Fresh install of ES 6.4.

richgalloway · ‎12-23-2020

Correct. You only need the TAs and not the apps.

---
If this reply helps you, Karma would be appreciated.

lkutch_splunk · ‎12-23-2020

As of ES 6.2, almost all of the add-ons have been removed from the installer:

https://docs.splunk.com/Documentation/ES/6.2.0/RN/Enhancements

https://docs.splunk.com/Documentation/ES/6.2.0/RN/Enhancements#Add-ons

lkutch_splunk · ‎12-23-2020

... so you would have to download the ones that you need from Splunkbase instead.

mikefg · ‎12-23-2020

Gotcha, thanks!

Does Splunk ES need the add-on and app or just the add-on?

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)