Splunk Enterprise Security

Where to install Phantom Remote Search


Does the Phantom Remote Search app get installed on my Enterprise Security Search Head, a HEC server, or another server all together? Seems there are search, HEC inputs, and index portions yet it's one app.



You must install the Splunk Phantom Remote Search app on your Splunk search heads or search head clusters, and on your indexers. See Install an add-on in a distributed Splunk Enterprise deployment in Splunk Supported Add-ons for additional information.
Installing the Splunk Phantom Remote Search app adds the necessary Splunk Phantom roles and indexes to your Splunk server.

ref: https://docs.splunk.com/Documentation/PhantomRemoteSearch/1.0.14/PhantomRemoteSearch/Connecttodistri...

0 Karma

Loves-to-Learn Lots

We need to install phantom remote search in HF

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...