Splunk on local machine fails to install apps from file

mgrant74
Engager

I'm trying to install Splunk Security Essentials for Fraud Detection on my local machine that I use for practicing with Splunk, and I can't find the app in the Browse More Apps section, so I downloaded the .tgz file, unzipped it to get the .tar file, and tried it both ways. In the past, app installs would throw an error, but the app would still be installed. This time I'm getting either ERR_CONNECTION_RESET or ERR_CONNECTION_ABORTED depending on if I use the .TGZ or .TAR respectively.

Is there an easier way to do this, or some other app I need to install prior to the SSE for Fraud Detection app? I already have SSE installed.

Thanks!

0 Karma

lacastillo
Path Finder

@mgrant74 Did you install the dependencies?
https://splunkbase.splunk.com/app/3693/#/details
under the "Details" tab

"Dependencies:

Splunk Security Essentials for Fraud Detection depends on the following apps
Splunk Machine Learning Toolkit
Python for Scientific Computing
Clustered Single Value Map Visualization
3D Scatterplot

All above apps can be downloaded for free from Splunkbase. When installing these apps please select the appropriate platform.

Make sure these apps are properly installed in your Splunk environment before installing this app."

Also, did you follow the Quick Installation Suggestions?

"Quick Installation Suggestions
Due to very large size of the app - it may be a challenge to install it via normal, GUI way.
Here are suggested steps to install this app in a faster, more reliable manner:
- Download the app to your computer
- Unzip it manually (via WinRar or 7Zip or related linux utilities)
- If you do not need Healthcare demo - you may delete Healthcare dataset - all files under ./Splunk-SE-Fraud-Detection/DATA/af-cms* - this will greatly reduce the size of the app as well.
- Move ./Splunk-SE-Fraud-Detection tree under ./etc/apps of your Splunk installation
- Restart Splunk
- If you included (did not delete) healthcare datasets - give app some time (30-60 minutes) to index the complete datasets. Once indexing is finished (af-cms-* indexes stopped growing) - the app is ready for use"

Let me know if this helps.

0 Karma
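
The manual steps quoted in the reply above, as a shell function that also checks the archive's member paths before extracting and stages the extraction so a failed unpack never lands in etc/apps. This is an added example, not part of the thread or of the app's documentation. It assumes a POSIX shell with `tar` and `mktemp`; the function name, its arguments, and the sample paths in the comments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the app's documentation). APP_DIR and the DATA/af-cms*
# pattern come from the quoted steps; function and argument names are assumptions.
APP_DIR="Splunk-SE-Fraud-Detection"

# install_app ARCHIVE SPLUNK_HOME [keep]   ("keep" retains the Healthcare dataset)
install_app() {
    archive=$1; splunk_home=$2; keep=${3:-}
    apps="$splunk_home/etc/apps"
    [ -f "$archive" ] || { echo "archive not found: $archive" >&2; return 1; }
    [ -d "$apps" ] || { echo "no etc/apps under: $splunk_home" >&2; return 1; }
    [ ! -e "$apps/$APP_DIR" ] || { echo "already present: $apps/$APP_DIR" >&2; return 1; }

    # Inspect member names before extracting anything: every entry must sit
    # under the one expected top-level directory and contain no ".." component.
    # "tar -tf" reads both the .tgz and the already-gunzipped .tar.
    members=$(tar -tf "$archive") || { echo "unreadable archive" >&2; return 1; }
    names=$(printf '%s\n' "$members" | sed -e 's|^\./||' -e '/^$/d')
    outside=$(printf '%s\n' "$names" | grep -E -v "^$APP_DIR(/|\$)" || true)
    dotdot=$(printf '%s\n' "$names" | grep -E '(^|/)\.\.(/|$)' || true)
    if [ -n "$outside$dotdot" ]; then
        echo "refusing archive, unexpected member paths:" >&2
        printf '%s\n' "$outside" "$dotdot" >&2
        return 1
    fi

    # Extract into a staging directory next to etc/apps, so a failed or
    # partial extraction never leaves a half-installed app behind.
    stage=$(mktemp -d "$splunk_home/etc/app-stage.XXXXXX") || return 1
    if ! tar -xf "$archive" -C "$stage" || [ ! -d "$stage/$APP_DIR" ]; then
        rm -rf "$stage"; echo "extraction failed" >&2; return 1
    fi

    # Optional step from the instructions: drop the Healthcare demo dataset.
    [ "$keep" = keep ] || rm -rf "$stage/$APP_DIR"/DATA/af-cms*

    mv "$stage/$APP_DIR" "$apps/" && rm -rf "$stage" || return 1
    echo "$apps/$APP_DIR"
    # Final step is a restart: "$splunk_home/bin/splunk" restart
}

# Runs only when called with arguments, e.g.: sh install.sh app.tgz /opt/splunk
if [ "$#" -ge 2 ]; then install_app "$@"; fi
```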