Splunk Enterprise Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk App for Enterprise Security ERROR

hamedha
Engager
‎11-11-2019 01:08 AM

I have licences for splunk enterprise security.
So I tried to upload Splunk App for Enterprise Security but I get errors as show in pictures.

alt text

Preview file
27 KB
Preview file
22 KB
0 Karma
Reply

hamedha
Engager
‎11-12-2019 12:32 AM

I need help if any one knew how to solve this problem

0 Karma
Reply

jwelch_splunk
Splunk Employee
Splunk Employee
‎11-11-2019 05:42 AM

https://docs.splunk.com/Documentation/ES/6.0.0/RN/Enhancements

"MLTK app version 4.4 and Python for Scientific Computing apps for Linux 64-bit and Windows 64-bit are now included in the ES installer. This increases the ES package to >500MB, which will run into upload limit issues when installing ES from the SplunkWeb UI. See Install Splunk Enterprise Security for installation instructions."

https://docs.splunk.com/Documentation/ES/6.0.0/Install/InstallEnterpriseSecurity#Step_2._Install_Spl...
"The installer dynamically detects if you're installing in a single search head environment or search head cluster environment. The installer is also bigger than the default upload limit for Splunk Web.
Increase the Splunk Web upload limit by creating a file called $SPLUNK_HOME/etc/system/local/web.conf with the following stanza.
[settings]
max_upload_size = 1000 // increases SplunkWeb upload limit to 1GB
To restart Splunk from the Splunk toolbar, select Settings > Server controls and click Restart Splunk.
On the Splunk toolbar, select Apps > Manage Apps and click Install App from File.
Click Choose File and select the Splunk Enterprise Security product file.
Click Upload to begin the installation.
Click Set up now to start setting up Splunk Enterprise Security"

Reply

hamedha
Engager
‎11-11-2019 09:22 PM

thank for your fast replay.
I installed splunk in windows so I added this max_upload_size = 1000 in web.conf as you mention but i get same error. this is error log that I found in splunk system
-12-2019 09:14:32.393 +0400 WARN HttpListener - Read Timeout communicating with 127.0.0.1:51394, disconnecting

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-11-2019 05:24 AM

I've seen this, also. It caused by the ESS file being too large to upload to Splunk (I know, right?). The workaround is to use the CLI to install ESS. See https://docs.splunk.com/Documentation/ES/6.0.0/Install/InstallEnterpriseSecurity#Install_Splunk_Ente... for details.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

hamedha
Engager
‎11-12-2019 12:31 AM

thank for your replay
curl worked fine with me but I dont knew how to work with "search head"

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-14-2019 04:55 AM

I don't understand the problem you are having.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎11-15-2019 04:54 AM

Search heads are a very basic concept of Splunk that every Splunk admin must understand.
What specific part of my answer confuses you?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...