Splunk Enterprise Security

What is this error: Unknown search command 'essinstall'.?

Gregski11
Contributor

Splunk 9.0.0 on Windows servers 

So I clicked on Apps \ Enterprise Security and I was greeted with that error

App configuration

The "Enterprise Security" app has not been fully configured yet.

This app has configuration properties that can be customized for this Splunk instance. Depending on the app, these properties may or may not be required.

Unknown search command 'essinstall'.

OK
0 Karma

PickleRick
SplunkTrust

1. SA-EndpointProtection has nothing to do with Symantec.

2. Did you bother to read https://docs.splunk.com/Documentation/ES/7.0.2/Install/Overview ?

0 Karma

Gregski11
Contributor

next I attempted to install the app using the CLI as per the manual

https://docs.splunk.com/Documentation/Splunk/9.0.0/Admin/Managingappobjects?ref=hk

splunk install app <app_package_filename> -update 1 -auth <username>:<password>
0 Karma

Gregski11
Contributor

alright this one really bothers me because Splunk is saying we MUST have a branded product called Symantec Endpoint Protection enabled in order to configure Enterprise Security

Think about it, do you even own this product?

 

0 Karma

Gregski11
Contributor

I know stop it already, I get it:

so we gonna double up on these

0 Karma

Gregski11
Contributor

well now I'm pot committed 

 

0 Karma

Gregski11
Contributor

ah yup

Error occurred attempting to enable SA-AuditAndDataProtection: .

0 Karma

Gregski11
Contributor

alright at this point I'm seriously thinking I should have read some sort of a prerequisites doc but:

SA-AuditDataProtection needs to be enabled as well

0 Karma

Gregski11
Contributor

and more of this 

Error occurred attempting to enable SA-AuditAndDataProtection: .

0 Karma

Gregski11
Contributor

and then it was on to the next error

SA-IdentityManagement 

 

0 Karma

Gregski11
Contributor

well I did not expect this: 503 Service Unavailable

0 Karma

Gregski11
Contributor

one step forward one step back

another click another error: SA-NetworkProtection app appears to be disabled

 

0 Karma

Gregski11
Contributor

alright, second verse same as the first, find the SA-NetworkProtection app and Enable it

Error occurred attempting to enable SA-NetworkProtection: .

 

0 Karma

Gregski11
Contributor

ok the CLI install was successful but now the

Splunk Enterprise Security Post-Install Configuration

fails with this error, why is this so difficult?

 

0 Karma

Gregski11
Contributor

ok so I reckon that Splunk SA Scientific Python app was just disabled, no biggie, enabled it and pressed on

0 Karma

Gregski11
Contributor

so I downloaded the latest version of Splunk Enterprise Security and attempted to Install the App from File, only to be greeted with yet another vague error: 

splunk-enterprise-security_710.spl

 

 

0 Karma