Splunk Enterprise Security

Enterprise Security on SHC

Nawab
Communicator

I have installed ES on the deployer as suggested by the Splunk docs, then transferred this app to /opt/splunk/etc/shcluster/apps and pushed the apps to my cluster.

But when I open ES on any search head, it still says Post install configurations, and when I click Configure it says you cannot do it on an SHC member.

0 Karma

Nawab
Communicator

I tried it again, using the same method you suggested:

deployed and configured the app on the deployer and pushed the config bundle, but it's still the same.

0 Karma

kiran_panchavat
Influencer

@Nawab 

Reconfiguring Splunk Enterprise Security is what I would advise you to do; however, if the problem persists, open a support ticket.

https://docs.splunk.com/Documentation/ES/8.0.40/Install/InstallSplunkESinSHC#Installing_Splunk_Enter... 

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma

PickleRick
SplunkTrust

Wait. As far as I remember (it's been some time since I did it last time) you don't manually copy anything. When you run the installer in deployer mode it takes care of preparing the shcluster bundle. That's why you run it exactly as described - upload the app to the deployer, run the installer on the deployer, apply shcluster-bundle. No manual copying stuff anywhere.

0 Karma

meetmshah
Builder

Yes, this is right. There's no copy/pasting. We may need to update some parameters to support larger upload, but apart from that we can simply upload the ES package from the UI, perform the setup and deploy the Bundle.

0 Karma

Nawab
Communicator

I followed these steps, installed ES on the deployer, and configured it. Mission Control is not working on the deployer. Then I copied ES to shcluster/apps and pushed the configuration. Now all DA-ESS and SA apps are present in the apps directory of each SHC member, but when I click the ES app or the Mission Control app on a cluster member, it still says continue to setup page.

Not sure why.

0 Karma

Nawab
Communicator

Followed everything exactly as described in the docs.

0 Karma

kiran_panchavat
Influencer

@Nawab 

Installing ES on a Search Head Cluster

Deployer:

1. On the Splunk toolbar, select Apps > Manage Apps and click Install app from file
2. Click Choose File and select the Splunk Enterprise Security file
3. Click Upload to begin the installation
4. Click Continue to app setup page
5. Click Start Configuration Process, and wait for it to complete
6. Use the Deployer to deploy ES to the cluster members. From the Deployer run:

/opt/splunk/bin/splunk apply shcluster-bundle -target <URI>:<management_port> -auth <username>:<password>

0 Karma

kiran_panchavat
Influencer

@Nawab - Please make sure that you followed all prerequisites for SHC and ES on SHC.

https://docs.splunk.com/Documentation/ES/8.0.2/Install/InstallSplunkESinSHC 

0 Karma