Hi all,
I am trying to install Splunk Security Essentials into a single instance of Splunk with a downloaded file of the app, via the GUI. The documentation does not have any pre-install steps.
Any suggestions would be welcome, thanks.
Splunk 9.3.1
Splunk Security Essentials 3.8.0
Error:
There was an error processing the upload. Error during app install: failed to extract app from /tmp/tmp6xz06m51 to /opt/splunk/var/run/splunk/bundle_tmp/7364272378fc0528: No such file or directory
Try raising the upload file size limits, analogously to the ES installation (and if it helps, post docs feedback).
I have Splunk Enterprise 9.3.1. I looked through the limits.conf but I'm not sure where to edit. How do I increase the upload size?
https://docs.splunk.com/Documentation/Splunk/latest/Admin/Webconf
max_upload_size = <integer>
* The hard maximum limit, in megabytes, of uploaded files.
* Default: 500
But it seems that might not be it. The SSE app is just slightly over 50MB in size, whereas ES is, as far as I remember, around 700MB.
Unless someone lowered that limit in your environment from the default value.
Anyway, you can just deploy the app either by uploading the file to the server and running
splunk install app your_sse_archive_name_here.tgz
Or just unpack it to its proper directory in $SPLUNK_HOME/etc/apps.
SSE as far as I remember doesn't include any fancy installation process like ES does.
I was not able to install the app so I decided to go the last path by unzipping and adding to the apps location, but I get an error 0x8000ffff catastrophic failure when trying to extract. I went to download again from Splunk and the same issue. I tried with Edge, Chrome and Firefox. Other apps I downloaded I have no issue with but this one I do.
DISA is blocking me so I will have to create a workaround.
Will update when I figure it out.
@ptothehil did you manage to get any further with this issue?
Yes. I had to download Splunk Security Essentials on my personal laptop and then safe apps it to my work laptop. Next I copied the zip file up to the secure network and was able to install the application. My issue was that DISA was blocking some of the files when I downloaded from Splunk. Not sure if this helps your situation.
@ptothehil This is the resolution for me too. I downloaded it on a personal device and hashed it and it was the correct hash. When attempting to bring it onto the corporate network it is being corrupted as it is being flagged as containing a virus.
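The check described in the post above, as an added example that is not part of the thread or of Splunk's own tooling: compare the archive's SHA-256 with the hash recorded at the original download, then read every member to confirm the file was not altered or truncated in transit. It assumes the package is a gzip-compressed tar (the `.tgz` named earlier in the thread) that unpacks to a single app directory; `check_app_archive`, `safe_to_install` and the expected-hash argument are hypothetical names.

```python
import hashlib
import tarfile
import zlib


def sha256_of(path, chunk_size=1 << 20):
    """Hash the file in chunks so a large archive is not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_app_archive(path, expected_sha256):
    """Check a downloaded app archive before handing it to Splunk.

    expected_sha256 is the hash recorded where the file was first downloaded
    (hypothetical input; the thread does not quote a hash value).
    """
    result = {"sha256": sha256_of(path), "readable": False,
              "top_dirs": [], "error": None}
    result["hash_ok"] = result["sha256"] == expected_sha256.strip().lower()
    top_dirs = set()
    try:
        # Assumption: the package is a gzip-compressed tar (.tgz / .spl).
        with tarfile.open(path, "r:gz") as tar:
            for member in tar:
                parts = [p for p in member.name.split("/") if p not in ("", ".")]
                if parts:
                    top_dirs.add(parts[0])
                if member.isfile():
                    # Read every byte: truncation and gzip CRC errors only
                    # surface when the data is actually decompressed.
                    src = tar.extractfile(member)
                    while src.read(1 << 20):
                        pass
        result["readable"] = True
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        result["error"] = f"{type(exc).__name__}: {exc}"
    result["top_dirs"] = sorted(top_dirs)
    return result


def safe_to_install(result):
    """True only if the hash matches, every member reads cleanly, and the
    archive unpacks to exactly one app directory."""
    return (result["hash_ok"] and result["readable"]
            and len(result["top_dirs"]) == 1)
```

Running the same check on the download host and again on the Splunk server shows at which hop the file changed.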
That's awesome. Glad it worked for you too 🙂
I got the same trying to extract the file and when I tried it with a previous version 3.7.1.
I tried the command line install but didn't have an account it would allow.
I have just tried to increase the upload max size as described here but when attempting to install I get the same error message.
Step 2. Install Splunk Enterprise Security
The installer dynamically detects if you're installing in a single search head environment or search head cluster environment. The installer is also bigger than the default upload limit for Splunk Web.
Has there been any further information regarding this error? I am still unable to install the app in Splunk.
I haven't heard anything yet. I don't know if this place is active.
I ran into the same issue. Waiting for a resolution as well.