Splunk Enterprise Security
Highlighted

Facing problem during configure "Splunk Enterprise Security Suite"

Path Finder

Hi Experts,

I try to install "Splunk Enterprise Security Suite" in my standalone environment.
For this I follow:
https://docs.splunk.com/Documentation/ES/6.0.0/Install/InstallEnterpriseSecuritySHC

But when I try to follow below step:

Install Enterprise Security on the deployer.
Increase the Splunk Web upload limit, for example to 1GB, by creating a file called $SPLUNKHOME/etc/system/local/web.conf with the following stanza.
[settings]
max
upload_size = 1000

Then I restart my splunk server, so at the time of restart it give below error
WARNING: web interface does not seem to be available!

Kindly suggest the right guide for installing and configuring "Splunk Enterprise Security Suite".

Highlighted

Re: Facing problem during configure "Splunk Enterprise Security Suite"

Path Finder

My Splunk instance are on AWS EC2 using instance type c5.4xlarge

0 Karma
Highlighted

Re: Facing problem during configure "Splunk Enterprise Security Suite"

Motivator
  1. What's the output of './splunk btool check' command?
  2. Did you make changes to $SPLUNK_HOME/etc/system/default/web.conf file?
  3. What's are the errors you can see in 'splunkd.log' file?
0 Karma
Highlighted

Re: Facing problem during configure "Splunk Enterprise Security Suite"

Splunk Employee
Splunk Employee

By chance, did you follow the guide exactly? Did you include the comment in the stanza?

max_upload_size = 1000 // increases SplunkWeb upload limit to 1GB

If so, try removing the comment so the stanza is:

max_upload_size = 1000

Then restart Splunk.

0 Karma