I didn't explain it well enough. 1) Remove the current app opt/splunk/bin/splunk remove app splunk_wineventcode_secanalysis-master 2) Download new splunk_wineventcode_secanalysis-master.zip from github 3) Extract the file. and rename the folders in the folder. splunk_wineventcode_secanalysis-master/splunk_wineventcode_secanalysis-master/appserver(bin,default...) ↓ splunk_wineventcode_secanalysis-master/splunk_wineventcode_secanalysis/appserver(bin,default...) 4) Compress the folder splunk_wineventcode_secanalysis/appserver(bin,default...) → splunk_wineventcode_secanalysis.zip 5) Import splunk_wineventcode_secanalysis.zip from "install app from file". Your environment is fine. I hope your problem is solved soon.
... View more