Solved: How to make URL Toolbox available from the Splunk ...

mdessus_splunk · ‎06-24-2015

Since ES filters apps imported by name (TA... ), you need to force the import by modifying the file /opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/local/inputs.conf and changing the app_regex in the stanza [app_imports_update://update_es]:

[app_imports_update://update_es]
app_regex = utbox
disabled = 0

mdessus_splunk · ‎06-08-2017

Note that in ES versions 4.7 and later, you can do it from the interface: http://docs.splunk.com/Documentation/ES/4.7.1/Install/ImportCustomApps

View solution in original post

mdessus_splunk · ‎06-08-2017

Note that in ES versions 4.7 and later, you can do it from the interface: http://docs.splunk.com/Documentation/ES/4.7.1/Install/ImportCustomApps

mdessus_splunk · ‎10-28-2015

According to some fellow splunkers, the regex should be more similar to that one:

app_regex = ([DST]A-.)|(Splunk_[DST]A_.)|(SplunkEnterpriseSecuritySuite)|(utbox)

mdessus_splunk · ‎06-24-2015

And the answer in the already in the question 🙂

mdessus_splunk · ‎10-27-2015

Note that this seems to cause an issue when upgrading (at least) to ES 4.0. Remove this setting before !
I'll report this issue.

mdessus_splunk · ‎10-28-2015

Should be fixed in ES 4.0.1.

How to make URL Toolbox available from the Splunk App for Enterprise Security?

Announcing the Expansion of the Splunk Academic Alliance Program

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Buttercup Games: Further Dashboarding Techniques (Part 7)