Splunk Enterprise Security

Unable to deploy Enterprise Security add-ons to Indexers

cemiam
Path Finder

Hi,

I have 1 SH and 3 clustered indexers. I have installed Enterprise Security to SH and follow workaround to deploy add-ons to indexers. I have downloaded Splunk_TA_ForIndexers from the Enterprise Security and upload it under $SPLUNK_HOME/etc/master-apps on SH which is also configured as cluster master. Then hit Validate and Check Restart under Index Clustering > Edit > Configuration Bundle Actions but it didn't find anything to deploy. Active Bundle ID and Latest Bundle ID seems the same. What should I do to overcome such an issue?

Best Regards,

0 Karma

mayurr98
Super Champion
0 Karma

cemiam
Path Finder

Hi,

I am following this Create the "Splunk_TA_ForIndexers and manage deployment manually" procedure on link below. I have downloaded Splunk_TA_ForIndexers placed it under $SPLUNK_HOME/etc/master-apps on the Search Head.

0 Karma
Get Updates on the Splunk Community!

Buttercup Games: Further Dashboarding Techniques

Hello! We are excited to kick off a new series of blogs from SplunkTrust member ITWhisperer, who demonstrates ...

Message Parsing in SOCK

Introduction This blog post is part of an ongoing series on SOCK enablement. In this blog post, I will write ...

Exploring the OpenTelemetry Collector’s Kubernetes annotation-based discovery

We’ve already explored a few topics around observability in a Kubernetes environment -- Common Failures in a ...