Solved: How to make URL Toolbox available from the Splunk ...

mdessus_splunk · ‎06-24-2015

Since ES filters apps imported by name (TA... ), you need to force the import by modifying the file /opt/splunk/etc/apps/SplunkEnterpriseSecuritySuite/local/inputs.conf and changing the app_regex in the stanza [app_imports_update://update_es]:

[app_imports_update://update_es]
app_regex = utbox
disabled = 0

mdessus_splunk · ‎06-08-2017

Note that in ES versions 4.7 and later, you can do it from the interface: http://docs.splunk.com/Documentation/ES/4.7.1/Install/ImportCustomApps

View solution in original post

mdessus_splunk · ‎06-08-2017

Note that in ES versions 4.7 and later, you can do it from the interface: http://docs.splunk.com/Documentation/ES/4.7.1/Install/ImportCustomApps

mdessus_splunk · ‎10-28-2015

According to some fellow splunkers, the regex should be more similar to that one:

app_regex = ([DST]A-.)|(Splunk_[DST]A_.)|(SplunkEnterpriseSecuritySuite)|(utbox)

mdessus_splunk · ‎06-24-2015

And the answer in the already in the question 🙂

mdessus_splunk · ‎10-27-2015

Note that this seems to cause an issue when upgrading (at least) to ES 4.0. Remove this setting before !
I'll report this issue.

mdessus_splunk · ‎10-28-2015

Should be fixed in ES 4.0.1.

How to make URL Toolbox available from the Splunk App for Enterprise Security?

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

Splunk APM: New Product Features + Community Office Hours Recap!

Index This | Forward, I’m heavy; backward, I’m not. What am I?