
Splunk on local machine fails to install apps from file

mgrant74
Engager

I'm trying to install Splunk Security Essentials for Fraud Detection on my local machine that I use for practicing with Splunk, and I can't find the app in the Browse More Apps section, so I downloaded the .tgz file, unzipped it to get the .tar file, and tried it both ways. In the past, app installs would throw an error, but the app would still be installed. This time I'm getting either ERR_CONNECTION_RESET or ERR_CONNECTION_ABORTED depending on if I use the .TGZ or .TAR respectively.

Is there an easier way to do this, or some other app I need to install prior to the SSE for Fraud Detection app? I already have SSE installed.

Thanks!

0 Karma

lacastillo
Path Finder

@mgrant74 Did you install the dependencies?
https://splunkbase.splunk.com/app/3693/#/details
under the "Details" tab

"Dependencies:

Splunk Security Essentials for Fraud Detection depends on the following apps
Splunk Machine Learning Toolkit
Python for Scientific Computing
Clustered Single Value Map Visualization
3D Scatterplot

All above apps can be downloaded for free from Splunkbase. When installing these apps please select the appropriate platform.

Make sure these apps are properly installed in your Splunk environment before installing this app."

Also, did you follow the Quick Installation Suggestions?

"Quick Installation Suggestions
Due to very large size of the app - it may be a challenge to install it via normal, GUI way.
Here are suggested steps to install this app in a faster, more reliable manner:
- Download the app to your computer
- Unzip it manually (via WinRar or 7Zip or related linux utilities)
- If you do not need Healthcare demo - you may delete Healthcare dataset - all files under ./Splunk-SE-Fraud-Detection/DATA/af-cms* - this will greatly reduce the size of the app as well.
- Move ./Splunk-SE-Fraud-Detection tree under ./etc/apps of your Splunk installation
- Restart Splunk
- If you included (did not delete) healthcare datasets - give app some time (30-60 minutes) to index the complete datasets. Once indexing is finished (af-cms-* indexes stopped growing) - the app is ready for use"

Let me know if this helps.

0 Karma
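
The manual installation steps quoted in the answer above, written out as an added shell example; it is not part of the thread or of the app's own documentation. It goes slightly beyond the quoted steps by checking the archive's member paths and unpacking into a scratch directory before the app is moved under `etc/apps`. The default `SPLUNK_HOME` of `/opt/splunk` and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): manual install of an app archive.
# Assumptions: SPLUNK_HOME defaults to /opt/splunk; function names are illustrative.

# Reads archive member names on stdin; fails if any is absolute or has a ".." component.
members_are_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# install_app ARCHIVE APP_DIR_NAME [keep_healthcare: yes|no]
install_app() {
    tgz=$1; app=$2; keep_healthcare=${3:-no}
    apps_dir="${SPLUNK_HOME:-/opt/splunk}/etc/apps"

    [ -d "$apps_dir" ] || { echo "no apps directory: $apps_dir" >&2; return 1; }
    # Never merge into an existing copy of the app.
    [ ! -e "$apps_dir/$app" ] || { echo "$app is already present" >&2; return 1; }

    # Inspect the member list before anything is written to disk.
    names=$(tar -tzf "$tgz") || { echo "cannot read $tgz" >&2; return 1; }
    printf '%s\n' "$names" | members_are_safe ||
        { echo "unsafe member path in $tgz" >&2; return 1; }

    # Unpack into a scratch directory, not straight into etc/apps.
    stage=$(mktemp -d) || return 1
    tar -xzf "$tgz" -C "$stage" || { rm -rf "$stage"; return 1; }
    [ -d "$stage/$app" ] ||
        { echo "archive has no $app/ directory" >&2; rm -rf "$stage"; return 1; }

    # Optional trim from the quoted steps: drop the Healthcare dataset.
    [ "$keep_healthcare" = yes ] || rm -rf "$stage/$app"/DATA/af-cms*

    mv "$stage/$app" "$apps_dir/" || { rm -rf "$stage"; return 1; }
    rm -rf "$stage"
    echo "Installed $app under $apps_dir; restart Splunk to load it."
}

# Usage: sh install_app.sh <downloaded archive> Splunk-SE-Fraud-Detection [yes|no]
if [ "$#" -ge 2 ]; then install_app "$@"; fi
```

The script stops short of restarting Splunk, so the restart step from the quoted instructions is still done by hand afterwards.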