Splunk Enterprise Security

Splunk Enterprise Security Content Update and ES documentation inconsequence

alekwisnia
Explorer

User Guide for ESCU version 3.0.5 (https://docs.splunk.com/Documentation/ESSOC/3.0.5/user/ConfigureSplunkEnterpriseSecurity(ES)touseMLT...) refers to ES User Guide version 5.2.2 (https://docs.splunk.com/Documentation/ES/5.2.2/Install/ImportCustomApps#Import_add-ons_with_a_differ...) on how to install Custom Apps, in this case MLTK. 

The problem is, the same ES User Guide for current ES version (6.2.0) does not exist. I tried to follow the ESCU guide and configure "App Imports Update" but was unable to edit "update_es" input.

Shouldn't this be updated? What is the correct configuration of MLTK for ESCU?

0 Karma

richgalloway
SplunkTrust
SplunkTrust
Enterprise Security doesn't have the app import feature in version 6+. Apps are imported based on their security settings like with other Splunk apps.
Also, ES uses MLTK by default so there's no need to configure it to do so.
---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Reimagine what you can do with your dashboards. Dashboard Studio is Splunk’s newest dashboard builder to ...

Introducing Edge Processor: Next Gen Data Transformation

We get it - not only can it take a lot of time, money and resources to get data into Splunk, but it also takes ...

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...