Splunk Enterprise Security

Splunk Enterprise Security Content Update and ES documentation inconsequence


User Guide for ESCU version 3.0.5 (https://docs.splunk.com/Documentation/ESSOC/3.0.5/user/ConfigureSplunkEnterpriseSecurity(ES)touseMLT...) refers to ES User Guide version 5.2.2 (https://docs.splunk.com/Documentation/ES/5.2.2/Install/ImportCustomApps#Import_add-ons_with_a_differ...) on how to install Custom Apps, in this case MLTK. 

The problem is, the same ES User Guide for current ES version (6.2.0) does not exist. I tried to follow the ESCU guide and configure "App Imports Update" but was unable to edit "update_es" input.

Shouldn't this be updated? What is the correct configuration of MLTK for ESCU?

0 Karma

Enterprise Security doesn't have the app import feature in version 6+. Apps are imported based on their security settings like with other Splunk apps.
Also, ES uses MLTK by default so there's no need to configure it to do so.
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...