Splunk Enterprise Security

Splunk App for Enterprise Security ERROR

hamedha
Engager

I have licences for Splunk Enterprise Security.
So I tried to upload the Splunk App for Enterprise Security, but I get errors as shown in the pictures.

0 Karma

hamedha
Engager

I need help, if anyone knows how to solve this problem.

0 Karma

jwelch_splunk
Splunk Employee

https://docs.splunk.com/Documentation/ES/6.0.0/RN/Enhancements

"MLTK app version 4.4 and Python for Scientific Computing apps for Linux 64-bit and Windows 64-bit are now included in the ES installer. This increases the ES package to >500MB, which will run into upload limit issues when installing ES from the SplunkWeb UI. See Install Splunk Enterprise Security for installation instructions."

https://docs.splunk.com/Documentation/ES/6.0.0/Install/InstallEnterpriseSecurity#Step_2._Install_Spl...
"The installer dynamically detects if you're installing in a single search head environment or search head cluster environment. The installer is also bigger than the default upload limit for Splunk Web.
Increase the Splunk Web upload limit by creating a file called $SPLUNK_HOME/etc/system/local/web.conf with the following stanza.
[settings]
# increases SplunkWeb upload limit to 1GB
max_upload_size = 1000
To restart Splunk from the Splunk toolbar, select Settings > Server controls and click Restart Splunk.
On the Splunk toolbar, select Apps > Manage Apps and click Install App from File.
Click Choose File and select the Splunk Enterprise Security product file.
Click Upload to begin the installation.
Click Set up now to start setting up Splunk Enterprise Security"
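
An added example, not part of the reply above and not Splunk's own code: a small Python check of the web.conf stanza from that reply against an installer's size. It assumes Splunk's documented 500 MB default, 1 MB = 1024 × 1024 bytes, and that only lines starting with `#` are comments in .conf files; the function names and sample inputs are constructed for illustration.

```python
import re

DEFAULT_MAX_UPLOAD_MB = 500  # assumed: documented default of max_upload_size

def read_setting(conf_text, stanza, key):
    """Return the raw value of key in [stanza], or None. Only lines starting
    with '#' are skipped as comments; trailing text stays part of the value."""
    current, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = m.group(1)
            continue
        if current == stanza and "=" in line:
            k, v = line.split("=", 1)
            if k.strip() == key:
                value = v.strip()  # last assignment in the file wins
    return value

def check_upload_limit(conf_text, package_bytes):
    """Return (ok, message) for uploading package_bytes through Splunk Web."""
    raw = read_setting(conf_text, "settings", "max_upload_size")
    if raw is None:
        limit_mb, origin = DEFAULT_MAX_UPLOAD_MB, "default"
    elif raw.isdigit():
        limit_mb, origin = int(raw), "web.conf"
    else:
        return False, f"max_upload_size is not an integer: {raw!r}"
    need_mb = -(-package_bytes // (1024 * 1024))  # ceiling division
    detail = f"package needs {need_mb} MB, limit is {limit_mb} MB ({origin})"
    return need_mb <= limit_mb, detail

# Constructed sample inputs (not taken from the thread)
PACKAGE_BYTES = 600 * 1024 * 1024
GOOD = "[settings]\n# raise upload limit\nmax_upload_size = 1000\n"
INLINE = "[settings]\nmax_upload_size = 1000 // trailing text\n"
WRONG_STANZA = "[general]\nmax_upload_size = 1000\n"

if __name__ == "__main__":
    for name, conf in [("good", GOOD), ("inline", INLINE), ("wrong stanza", WRONG_STANZA)]:
        print(name, check_upload_limit(conf, PACKAGE_BYTES))
```

This checks a single file only; the value Splunk actually uses is the merge of every web.conf layer, which `splunk btool web list settings --debug` prints.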

hamedha
Engager

Thanks for your fast reply.
I installed Splunk on Windows, so I added max_upload_size = 1000 in web.conf as you mentioned, but I get the same error. This is the error log that I found in the Splunk system:
-12-2019 09:14:32.393 +0400 WARN HttpListener - Read Timeout communicating with 127.0.0.1:51394, disconnecting

0 Karma

richgalloway
SplunkTrust

I've seen this, also. It's caused by the ESS file being too large to upload to Splunk (I know, right?). The workaround is to use the CLI to install ESS. See https://docs.splunk.com/Documentation/ES/6.0.0/Install/InstallEnterpriseSecurity#Install_Splunk_Ente... for details.

---
If this reply helps you, Karma would be appreciated.
0 Karma

hamedha
Engager

Thanks for your reply.
curl worked fine for me, but I don't know how to work with "search head".

0 Karma

richgalloway
SplunkTrust

I don't understand the problem you are having.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust

Search heads are a very basic concept of Splunk that every Splunk admin must understand.
What specific part of my answer confuses you?

---
If this reply helps you, Karma would be appreciated.
0 Karma