Facing problem during configure "Splunk Enterprise...

arun_kant_sharm · ‎01-14-2020

Hi Experts,

I try to install "Splunk Enterprise Security Suite" in my standalone environment.
For this I follow:
https://docs.splunk.com/Documentation/ES/6.0.0/Install/InstallEnterpriseSecuritySHC

But when I try to follow below step:

Install Enterprise Security on the deployer.
Increase the Splunk Web upload limit, for example to 1GB, by creating a file called $SPLUNK_HOME/etc/system/local/web.conf with the following stanza.
[settings]
max_upload_size = 1000

Then I restart my splunk server, so at the time of restart it give below error
WARNING: web interface does not seem to be available!

Kindly suggest the right guide for installing and configuring "Splunk Enterprise Security Suite".

ndias_splunk · ‎01-16-2020

By chance, did you follow the guide exactly? Did you include the comment in the stanza?

max_upload_size = 1000 // increases SplunkWeb upload limit to 1GB

If so, try removing the comment so the stanza is:

max_upload_size = 1000

Then restart Splunk.

arun_kant_sharm · ‎01-14-2020

My Splunk instance are on AWS EC2 using instance type c5.4xlarge

jawaharas · ‎01-14-2020

What's the output of './splunk btool check' command?
Did you make changes to $SPLUNK_HOME/etc/system/default/web.conf file?
What's are the errors you can see in 'splunkd.log' file?

Facing problem during configure "Splunk Enterprise Security Suite"

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation