Splunk 9.0.0 on Windows servers
So I clicked on Apps \ Enterprise Security and I was greeted with that error
The "Enterprise Security" app has not been fully configured yet.
This app has configuration properties that can be customized for this Splunk instance. Depending on the app, these properties may or may not be required.
Unknown search command 'essinstall'.
1. SA-EndpointProtection has nothing to do with Symantec.
2. Did you bother to read https://docs.splunk.com/Documentation/ES/7.0.2/Install/Overview ?
next I attempted to install the app using the CLI as per the manual
https://docs.splunk.com/Documentation/Splunk/9.0.0/Admin/Managingappobjects?ref=hk
splunk install app <app_package_filename> -update 1 -auth <username>:<password>
alright this one really bothers me because Splunk is saying we MUST have a branded product called Symantec Endpoint Protection enabled in order to configure Enterprise Security
Think about it, do you even own this product?
I know stop it already, I get it:
so we gonna double up on these
well now I'm pot committed
ah yup
Error occurred attempting to enable SA-AuditAndDataProtection: .
alright at this point I'm seriously thinking I should have read some sort of a prerequisites doc but:
SA-AuditDataProtection needs to be enabled as well
and more of this
Error occurred attempting to enable SA-AuditAndDataProtection: .
and then it was on to the next error
SA-IdentityManagement
well I did not expect this: 503 Service Unavailable
one step forward one step back
another click another error: SA-NetworkProtection app appears to be disabled
alright, second verse same as the first, find the SA-NetworkProtection app and Enable it
Error occurred attempting to enable SA-NetworkProtection: .
ok the CLI install was successful but now the
fails with this error, why is this so difficult?
ok so I reckon that Splunk SA Scientific Python app was just disabled, no biggie, enabled it and pressed on
so I downloaded the latest version of Splunk Enterprise Security and attempted to Install the App from File, only to be greeted with yet another vague error:
splunk-enterprise-security_710.spl