Installation Documentation

Installation and Tested Environments

You can install Splunk Security Essentials on your Splunk Cloud Platform deployment. For more information, see Install apps in your Splunk Cloud Platform deployment in the Splunk Cloud Platform Admin Manual.

Install on a Splunk Enterprise distributed deployment

In a distributed deployment, install Splunk Security Essentials on search heads only. This app is safe to install in large clusters because it has no impact on indexers. For installation instructions, see Install an add-on in a distributed Splunk Enterprise deployment in the Splunk Add-ons menu.

In a single-instance deployment

If you have internet access from your Splunk server, download and install the app by clicking "Browse More Apps" from the Manage Apps page in Splunk platform. If your Splunk server is not connected to the internet, download the app from Splunkbase and install it using the Manage Apps page in Splunk platform.

Note: If you download the app as a tgz file, Google Chrome could automatically decompress it as a tar file. If that happens to you, use a different browser to download the app file.

SSE installs into a search head cluster (SHC) like any other SHC app. The only area where there is some minimal risk in an SHC setup is when using the Lookup Cache acceleration technique under the First Time Seen detection with very large lookups (see First Time Seen Detection -> Considerations for implementing the large scale version in this doc). The app includes many lookups with demo data that shouldn't be replicated to the indexers, but it also includes a nf file to prevent that replication, so you needn't worry. This app is safe to install in large clusters, as it will not have an impact on indexers (unless you choose to enable many searches).