Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Facing problem during configure "Splunk Enterprise Security Suite"

arun_kant_sharm
Path Finder
‎01-14-2020 09:33 PM

Hi Experts,

I try to install "Splunk Enterprise Security Suite" in my standalone environment.
For this I follow:
https://docs.splunk.com/Documentation/ES/6.0.0/Install/InstallEnterpriseSecuritySHC

But when I try to follow below step:

Install Enterprise Security on the deployer.
Increase the Splunk Web upload limit, for example to 1GB, by creating a file called $SPLUNK_HOME/etc/system/local/web.conf with the following stanza.
[settings]
max_upload_size = 1000

Then I restart my splunk server, so at the time of restart it give below error
WARNING: web interface does not seem to be available!

Kindly suggest the right guide for installing and configuring "Splunk Enterprise Security Suite".

Reply

ndias_splunk
Splunk Employee
Splunk Employee
‎01-16-2020 07:36 AM

By chance, did you follow the guide exactly? Did you include the comment in the stanza?

max_upload_size = 1000 // increases SplunkWeb upload limit to 1GB

If so, try removing the comment so the stanza is:

max_upload_size = 1000

Then restart Splunk.

0 Karma
Reply

arun_kant_sharm
Path Finder
‎01-14-2020 09:40 PM

My Splunk instance are on AWS EC2 using instance type c5.4xlarge

0 Karma
Reply

jawaharas
Motivator
‎01-14-2020 10:08 PM
  1. What's the output of './splunk btool check' command?
  2. Did you make changes to $SPLUNK_HOME/etc/system/default/web.conf file?
  3. What's are the errors you can see in 'splunkd.log' file?
0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...