Splunk ES app installation Error

spl_unker · ‎05-06-2020

My Enterprise Splunk version is 7.3.2 and ES app version which i tried installing is 6.1.1.

After ES app installation and splunk server restart , i see the following error when i proceed to setup page

"Installer was unable to start. Error in 'essinstall' command: External search command exited unexpectedly with non-zero error code 1."

I understand it is due to version compatibility issue between ES and Entreprise Splunk in one of the Splunk answers

https://answers.splunk.com/answers/521781/error-while-installing-splunk-enterprise-security.html

But in the app page 7.3 are 8.0 is mentioned as compatible version. Please help if any one has faced this issue. TIA

shivanshu1593 · ‎05-06-2020

You're trying to install a version, which is not compatible with 7.3.X, although it says on the splunkbase page. The compatible version is 6.0.1.

Thank you,
Shiv
###If you found the answer helpful, kindly consider upvoting/accepting it as the answer as it helps other Splunkers find the solutions to similar issues###

lkutch_splunk · ‎05-06-2020

https://docs.splunk.com/Documentation/VersionCompatibility/current/Matrix/CompatMatrix

richgalloway · ‎05-06-2020

ES 6.1.x requires Splunk 8.

---
If this reply helps you, Karma would be appreciated.

Splunk ES app installation Error

installation

troubleshooting

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector