Solved: Re: How to make URL Toolbox available from the Spl...

mdessus_splunk · ‎06-24-2015

Since ES filters apps imported by name (TA... ), you need to force the import by modifying the file /opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/local/inputs.conf and changing the app_regex in the stanza [app_imports_update://update_es]:

[app_imports_update://update_es]
app_regex = utbox
disabled = 0

mdessus_splunk · ‎06-08-2017

Note that in ES versions 4.7 and later, you can do it from the interface: http://docs.splunk.com/Documentation/ES/4.7.1/Install/ImportCustomApps

View solution in original post

mdessus_splunk · ‎06-08-2017

Note that in ES versions 4.7 and later, you can do it from the interface: http://docs.splunk.com/Documentation/ES/4.7.1/Install/ImportCustomApps

mdessus_splunk · ‎10-28-2015

According to some fellow splunkers, the regex should be more similar to that one:

app_regex = ([DST]A-.)|(Splunk_[DST]A_.)|(SplunkEnterpriseSecuritySuite)|(utbox)

mdessus_splunk · ‎06-24-2015

And the answer in the already in the question 🙂

mdessus_splunk · ‎10-27-2015

Note that this seems to cause an issue when upgrading (at least) to ES 4.0. Remove this setting before !
I'll report this issue.

mdessus_splunk · ‎10-28-2015

Should be fixed in ES 4.0.1.

How to make URL Toolbox available from the Splunk App for Enterprise Security?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life