![]() ![]() Deselect the Require password change on first login check box.Under Assigned role(s), in the Available item(s) box, select phantomsearch to add that role.Under Assigned role(s), in the Selected item(s) box, select user to remove that role.Set and confirm a password for this user which complies with your organization's security policies.These instructions use phantomsearch and phantomdelete. You can use any user names you like for these accounts. The roles are phantomsearch and phantomdelete. Splunk Phantom requires two user accounts with roles added by the Phantom Remote Search App. See Set up and use HTTP Event Collector in Splunk Web in the Splunk Enterprise Getting Data In manual.Ĭreate required user accounts for Splunk Phantom Set up the HTTP Event Collector in Splunk.See Where to get more apps and add-ons in the Splunk Enterprise Admin Manual. Install the Phantom Remote Search App.For a complete list of ports, see Splunk Phantom required ports. Configure your firewall to allow access.See the Splunk Enterprise Installation Manual. Install and configure Splunk Enterprise from the documentation.The Phantom Remote Search App defines the user roles and indices needed by Splunk Phantom to use Splunk Enterprise for searches. Splunk Phantom 4.2 and later require Splunk Enterprise 7.2.3 or later and the Phantom Remote Search App 1.0.7. ![]() You can also configure Splunk Phantom to use an external Splunk instance for searching.Ī Splunk Phantom cluster also requires an external Splunk Enterprise instance. If Splunk Phantom is installed as a stand-alone product, it includes a version of Splunk Enterprise as the internal search engine.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |