Splunk Enterprise Security

How to install the Splunk App for Enterprise security on indexers in my deployment?

Defiant81
Explorer

I'm running 4 indexers, 1 search head and 1 master as my splunk enterprise architecture . I've read the instructions that state you must install the splunk enterprise security app on the search head and indexers. I've installed the app on the search head, but was wondering about the indexers.. Do I need to enable splunk web and install the app on each of the 4 indexers just like the search head? Is the installation different for the indexers?

Last question would be with the master.. should I go ahead and install the app on the master too?

just as an fyi.. I was going to initially drop the app on the master under the deployment apps folder and push them to the indexers..But then they wouldn't be configured the same..

0 Karma

mcronkrite
Splunk Employee
Splunk Employee

Once you install ES app to your Search Head, you should see some folders under /etc/apps/ that are like "SA-" "Splunk_TA_" and "TA-*" copy the ones you are using to your Indexing and U&H Forwarding tier.

Here is the Link in the ES configuration manual that discusses in more detail.
ES Config Manual Determine which add-ons to deploy

Defiant81
Explorer

To sum my question.. can someone tell me how I should install this app on my 4 indexers?

0 Karma
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...