This issue was fixed in the 4.3.1 maintenance release: https://docs.splunk.com/Documentation/ITSI/4.3.1/ReleaseNotes/Fixedissues#Uncategorized_issues ... View more

Thanks bu no, that's what I did and rpm still replaced both my v7.0.1 instance in the path provide through --prefix AND my v6.6.3 instance installed in the default /opt/splunk folder 😞 Basically the reason I started this thread was to find out if there is a way to upgrade just one of the installed instances. Other ideas anyone ? ... View more

Hi, TA-trendmicro is indeed delivered with Splunk Enterprise Security. To deploy it in a distributed environment, you will need to extract the add-on from the Splunk ES package and install/configure it across your indexers (cluster) and the forwarder running TMCM. In TMCM you need to configure the alerts you are interested in to write an event in the Application Windows Event Log. TMCM events will be processed by TA-trendmicro, assigning sourcetypes, tags, extracting fields etc. so they become available to the ES Data Models. I got the data into Splunk, properly tagged, sourcetype and all. However I don't find the data in ES ? Did you ? What more is needed ? Thanks, JohMut ... View more