Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why am I getting error"The path '/en-US/custom/TA-snort/taunixsetup/TA-snort/setup" when trying to install Splunk add-on for Snort?

kianhong1995
New Member
‎12-28-2014 06:49 PM

When trying to install the Splunk add-on for Snort on Enterprise Security the following error is shown:

http://imgur.com/hFRjCXf

Is it needed to install this add-on in order to view data from the Snort alert.ids file? And if so, is there anyway to solve this error?

I am using the same alert.ids on the Splunk for Snort app and there is data shown.
Tested on Splunk 6.2.0 for both Windows 8 and Ubuntu with the same error shown.
Tested on Splunk 6.0.1 and 6.2.0 on a seperate computer also on Windows 8.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jcoates_splunk
Splunk Employee
Splunk Employee
‎12-29-2014 08:38 AM

I can't tell what you're trying to do... Neither TA-snort (old addon that ships with ES) nor Splunk_TA_sourcefire (new addon that also supports Snort) need or have a setup process.

Your snort logs should be in a directory somewhere, tell Splunk to monitor it and set the sourcetype to snort.

View solution in original post

Reply
Solved! Jump to solution
Solution

jcoates_splunk
Splunk Employee
Splunk Employee
‎12-29-2014 08:38 AM

I can't tell what you're trying to do... Neither TA-snort (old addon that ships with ES) nor Splunk_TA_sourcefire (new addon that also supports Snort) need or have a setup process.

Your snort logs should be in a directory somewhere, tell Splunk to monitor it and set the sourcetype to snort.

Reply
Solved! Jump to solution

kianhong1995
New Member
‎12-29-2014 10:10 PM

Thanks for the help! I was trying to get the Snort data to appear on Intrusion Center but nothing was showing. I thought that it might have been something to do with the add-ons so I was trying to look into it. I have now realised that it might have been a problem with my Snort log files.

Sorry for the inconvenience as I am new to Splunk!

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...