Splunk Enterprise Security

Splunk Enterprise Security on Windows XP Laptop?

aportela_work
Explorer

Was requested that I do development on my laptop, and to install Splunk ES 2.4 on my laptop (along with Splunk Enterprise 5.02, SideView Utility 1.35). Laptop is on Windows XP SP3 and has only 2 GB of ram. Is Splunk ES 2.4 even supported on this hardware platform?

Fyi, i did install the aforementioned, but my laptop started to shutdown (hard) intermittently and abruptly. At times, staying on for a few minutes, other times shutting down as soon as rebooted and logged in.

Hence, i had to deinstall. Booted up without loggin in; had the admin guy remote into my laptop & disable the Splunk processes via MS-Services; then I logged in and uninstalled all things Splunk.

Laptop is now working great, and I can still develop via my web browser going to the Linux based search head. However, would have been better if could get Splunk ES running on my laptop. Some other data points:
1) I just need to perform correlated searches from my laptop.
2) Search head would be on laptop pointing to existing indexers.
3) Had successfully installed/configured Splunk Enterprise 5.02 (w/out ES).
4) And was performing non-correlated distributed searches.
5) (using existing linux based search heads).

Any and all feedback would be appreciated. yep, basically just trying to understand if a laptop with XP can handle Splunk ES app.

Many thanks... Al

0 Karma
1 Solution

ChrisG
Splunk Employee
Splunk Employee

Windows XP is not a supported operating system for Enterprise Security. Please review the supported operating systems list in the documentation. You should also read the hardware requirements for information about what kind of computing power you will need for your search head (and the rest of your deployment).

View solution in original post

aportela_work
Explorer

Thanks for the 5.0.4 tip. And, i think that the system owners will eventually get there, it may just take several months.

0 Karma

LukeMurphey
Champion

BTW: you may want to run Splunk 5.0.4. It has some fixes that should improve performance on all platforms.

0 Karma

ChrisG
Splunk Employee
Splunk Employee

Windows XP is not a supported operating system for Enterprise Security. Please review the supported operating systems list in the documentation. You should also read the hardware requirements for information about what kind of computing power you will need for your search head (and the rest of your deployment).

aportela_work
Explorer

Yep, that's what I thought (based on the install guide, which mentioned Windows 7 & 8, but not XP). Also, the hardware requirements for search head seemed pretty hefty, which makes sense for Splunking thru mass quantities of data. Appreciate the feedback, and will pass on to others in my organization, who want us to convert our laptops into development environments (including search heads). Cheers... Al

0 Karma

derekarnold
Communicator

Concur with ChrisG. FYI Microsoft will stop supporting and providing security patches for XP in April.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...