Splunk Enterprise Security

What is this error: Unknown search command 'essinstall'.?

Gregski11
Contributor

Splunk 9.0.0 on Windows servers 

So I clicked on Apps \ Enterprise Security and I was greeted with that error

App configuration

The "Enterprise Security" app has not been fully configured yet.

This app has configuration properties that can be customized for this Splunk instance. Depending on the app, these properties may or may not be required.

Unknown search command 'essinstall'.

OK
0 Karma

PickleRick
SplunkTrust

1. SA-EndpointProtection has nothing to do with Symantec.

2. Did you bother to read https://docs.splunk.com/Documentation/ES/7.0.2/Install/Overview ?

0 Karma

Gregski11
Contributor

next I attempted to install the app using the CLI as per the manual

https://docs.splunk.com/Documentation/Splunk/9.0.0/Admin/Managingappobjects?ref=hk 

 

splunk install app <app_package_filename> -update 1 -auth <username>:<password>
0 Karma

Gregski11
Contributor

alright this one really bothers me because Splunk is saying we MUST have a branded product called Symantec Endpoint Protection enabled in order to configure Enterprise Security

Think about it, do you even own this product?

 

Gregski11_0-1673655038534.png

 

0 Karma

Gregski11
Contributor

I know stop it already, I get it:

Gregski11_0-1673653634830.png

 

so we gonna double up on these

Gregski11_1-1673653674430.png

 

 

0 Karma

Gregski11
Contributor

well now I'm pot committed 

 

Gregski11_0-1673650413559.png

 

0 Karma

Gregski11
Contributor

ah yup

Error occurred attempting to enable SA-AuditAndDataProtection: .

0 Karma

Gregski11
Contributor

alright at this point I'm seriously thinking I should have read some sort of a prerequisites doc but:

Gregski11_0-1673654174126.png

 

 

 

SA-AuditDataProtection needs to be enabled as well

Gregski11_0-1673649189428.png

 

0 Karma

Gregski11
Contributor

and more of this 

Error occurred attempting to enable SA-AuditAndDataProtection: .

0 Karma

Gregski11
Contributor

and then it was on to the next error

SA-IdentityManagement 

 

Gregski11_0-1673647582671.png

 

0 Karma

Gregski11
Contributor

well I did not expect this: 503 Service Unavailable

Gregski11_0-1673647907376.png

 

0 Karma

Gregski11
Contributor

one step forward one step back

another click another error: SA-NetworkProtection app appears to be disabled

 

Gregski11_0-1673644113047.png

 

 

0 Karma

Gregski11
Contributor

alright, second verse same as the first, find the SA-NetworkProtection app and Enable it

Error occurred attempting to enable SA-NetworkProtection: .

 

0 Karma

Gregski11
Contributor

ok the CLI install was successful but now the 

Splunk Enterprise Security Post-Install Configuration

fails with this error, why is this so difficult?

 

Gregski11_0-1673643171235.png

 

0 Karma

Gregski11
Contributor

ok so I reckon that Splunk SA Scientific Python app was just disabled, no biggie, enabled it and pressed on 

0 Karma

Gregski11
Contributor

so I downloaded the latest version of Splunk Enterprise Security and attempted to Install the App from File, only to be greeted with yet another vague error: 

splunk-enterprise-security_710.spl

 

 

Gregski11_0-1673637368636.png

 

 

0 Karma