Splunk Enterprise Security: Splunk Enterprise Security Suite is a group of Splunk applications, and this guide walks you through installing this premium Splunk app. Because Splunk Enterprise Security is a premium solution, it is not available for a free trial the way Splunk Enterprise is. However, Splunk offers a seven-day free cloud trial that you can use after creating a Splunk account. Check Splunk’s product compatibility matrix before you begin the installation.
Downloading Splunk Enterprise Security
- To download Splunk Enterprise Security, log in to splunk.com with your Splunk.com username and password.
- Search for and download the newest Splunk Enterprise Security app. Note that you need to be a licensed Enterprise Security customer to download it.
- Click Download and save the Splunk Enterprise Security product file on your desktop.
- Log in to the search head as admin.
Step-by-step guide to installing Splunk Enterprise Security
On the search head, navigate to Manage Apps >> Install app from file, and upload the Splunk Enterprise Security application.
When the installation completes successfully, click Set up now.
From the list of bundled add-ons, exclude those you do not need, and disable those you want installed now but will only use later. Then click Begin configuration. When the configuration completes successfully, click the Restart Splunk button for the installation to take effect.
The various technology add-ons (TAs) bundled with the Splunk Enterprise Security suite correspond to different technologies and help you integrate those technologies with Splunk. If you are unsure about a TA, exclude it: every TA can be downloaded later from Splunkbase, the repository for Splunk apps and add-ons.
When Splunk has finished restarting, open the Enterprise Security app. You should see a screen like the one in the image below, which confirms that the installation and configuration succeeded.
Click Home to launch the Splunk Enterprise Security home page.
That’s all: Splunk Enterprise Security is ready for use and ready to give a company’s security processes a boost.
Installing Splunk Enterprise Security from the command line
First, download Splunk Enterprise Security and copy the package to the search head.
Begin the installation on the search head with the “./splunk install app <filename>” command. Alternatively, you can make a REST call from the server command line to begin the installation, for example:
You can upgrade the Splunk Enterprise Security app from the CLI using the same process as for other add-ons or Splunk apps. Remember not to use the “./splunk install app” command when upgrading the Splunk Enterprise Security app to a new version.
On the search head, run this command with the Splunk CLI:
Uninstalling Splunk Enterprise Security
You can uninstall the Splunk Enterprise Security app by removing SplunkEnterpriseSecuritySuite from the $SPLUNK_HOME/etc/apps directory tree: either recursively delete the directory or move it to $SPLUNK_HOME/etc/disabled-apps, then restart Splunk. Because Splunk Enterprise Security is a collection of applications, removing a single app directory does not uninstall it; you must move or remove every applicable app in the suite.
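The CLI install, the REST install and the move-to-disabled-apps uninstall described above, as an added shell example that is not part of the original article or of Splunk's own tooling. It assumes SPLUNK_HOME points at a Splunk installation, that the package is a .spl/.tgz file, and that the caller supplies the list of suite directories to disable (the real member names come from your installed ES version; the names used in the usage line are constructed placeholders). The REST function uses the parameters of Splunk's apps/local endpoint as documented in the REST reference, reads credentials from ~/.netrc instead of the command line, and verifies the management port's TLS certificate against a CA_BUNDLE variable (an assumed name) rather than disabling verification with -k. The management URL is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original article): helpers around the Splunk CLI
# and REST API for installing and uninstalling Enterprise Security.
set -u

# Install the ES package on the search head with the Splunk CLI
# ("splunk install app <file>"). Returns 1 if the package is missing or
# does not look like a Splunk app package.
es_install_cli() {
    splunk_home=$1
    pkg=$2
    [ -f "$pkg" ] || { echo "package not found: $pkg" >&2; return 1; }
    case "$pkg" in
        *.spl|*.tgz|*.tar.gz) ;;
        *) echo "not a Splunk app package: $pkg" >&2; return 1 ;;
    esac
    "$splunk_home/bin/splunk" install app "$pkg"
}

# The same install through the management port's apps/local REST endpoint.
# curl -n takes the credentials from ~/.netrc, so the admin password never
# appears in the process list or shell history; CA_BUNDLE (assumed variable)
# holds the CA chain for the management certificate so TLS is verified.
es_install_rest() {
    mgmt_url=$1   # placeholder, e.g. https://searchhead.example.internal:8089
    pkg=$2
    [ -f "$pkg" ] || { echo "package not found: $pkg" >&2; return 1; }
    curl -n --cacert "${CA_BUNDLE:?set CA_BUNDLE to the management CA chain}" \
        "$mgmt_url/services/apps/local" \
        -d filename=true -d "name=$pkg" -d update=true
}

# Uninstall: move every listed suite directory from etc/apps to
# etc/disabled-apps. A directory that is absent is reported and counted as a
# failure (nothing was disabled); an existing copy under disabled-apps is
# never overwritten, so a previous snapshot is not silently replaced.
es_disable_apps() {
    splunk_home=$1; shift
    apps_dir=$splunk_home/etc/apps
    disabled_dir=$splunk_home/etc/disabled-apps
    mkdir -p "$disabled_dir" || return 1
    rc=0
    for app in "$@"; do
        if [ ! -d "$apps_dir/$app" ]; then
            echo "skip: $apps_dir/$app does not exist" >&2
            rc=1
            continue
        fi
        if [ -e "$disabled_dir/$app" ]; then
            echo "refuse: $disabled_dir/$app already exists" >&2
            rc=1
            continue
        fi
        mv "$apps_dir/$app" "$disabled_dir/$app" && echo "disabled $app"
    done
    return $rc
}

# Restart so the change takes effect (only when the splunk binary is present).
es_restart() {
    [ -x "$1/bin/splunk" ] && "$1/bin/splunk" restart
}

# Usage (placeholder names; list every suite member installed on your system):
#   es_disable_apps "$SPLUNK_HOME" SplunkEnterpriseSecuritySuite SA-Example DA-Example
#   es_restart "$SPLUNK_HOME"
```

Because the suite is several app directories, the disable function takes the whole list in one call and reports which members were not found, so a partial uninstall is visible rather than silent.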