Splunk Enterprise Security

Unable to deploy Enterprise Security add-ons to Indexers

cemiam
Path Finder

Hi,

I have 1 SH and 3 clustered indexers. I have installed Enterprise Security to SH and follow workaround to deploy add-ons to indexers. I have downloaded Splunk_TA_ForIndexers from the Enterprise Security and upload it under $SPLUNK_HOME/etc/master-apps on SH which is also configured as cluster master. Then hit Validate and Check Restart under Index Clustering > Edit > Configuration Bundle Actions but it didn't find anything to deploy. Active Bundle ID and Latest Bundle ID seems the same. What should I do to overcome such an issue?

Best Regards,

0 Karma

mayurr98
Super Champion
0 Karma

cemiam
Path Finder

Hi,

I am following this Create the "Splunk_TA_ForIndexers and manage deployment manually" procedure on link below. I have downloaded Splunk_TA_ForIndexers placed it under $SPLUNK_HOME/etc/master-apps on the Search Head.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...