Version: 1.1.0

Installation

Initial Installation

Standalone Search Head

  1. Install the provided .spl using the Web GUI or the CLI
  2. Configure Elasticsearch instances and queries using the provided dashboards

Search Head Cluster

  1. Unpack the provided .spl to $SPLUNK_HOME/etc/shcluster/apps on the deployer
  2. Deploy the app bundle to the search head cluster
  3. Configure Elasticsearch instances and queries using one of the search head cluster members

Upgrade from 1.0.0

Due to minor changes in the configuration format, the upgrade process is a bit more involved. The following steps are required:

  1. Create a backup of the app's configuration files in $SPLUNK_HOME/etc/apps/SA-DP-elasticspl/local
  2. Remove all configured instances through the Web GUI
  3. Install the new version of the app using the Web GUI or the CLI
  4. Reconfigure Elasticsearch instances using the provided dashboard
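
Step 1 of the upgrade can be scripted as in the following added example, which is not part of the app or its documentation. The function name `backup_elasticspl_local` and the default destination directory are hypothetical, and the restrictive `umask` assumes the app's `local` directory may hold Elasticsearch connection settings that should not be readable by other users.

```shell
# Added example: archive SA-DP-elasticspl/local before upgrading from 1.0.0.
# backup_elasticspl_local is a hypothetical helper, not shipped with the app.
backup_elasticspl_local() {
    splunk_home="${1:?usage: backup_elasticspl_local SPLUNK_HOME [DEST_DIR]}"
    dest_dir="${2:-$HOME/splunk-app-backups}"   # assumed default destination
    app_dir="$splunk_home/etc/apps/SA-DP-elasticspl"

    # Refuse to continue if there is nothing to protect; an empty "backup"
    # would give false confidence before instances are removed in step 2.
    if [ ! -d "$app_dir/local" ]; then
        echo "nothing to back up: $app_dir/local not found" >&2
        return 1
    fi

    archive="$dest_dir/SA-DP-elasticspl-local-$(date +%Y%m%dT%H%M%S).tar.gz"
    (
        # Owner-only permissions on the directory and archive (assumption:
        # the configuration may contain connection details worth protecting).
        umask 077
        mkdir -p "$dest_dir" &&
        tar -czf "$archive" -C "$app_dir" local &&
        # Read the archive back so a truncated or corrupt file is caught now.
        tar -tzf "$archive" >/dev/null
    ) || {
        echo "backup failed: $archive" >&2
        rm -f "$archive"
        return 1
    }

    # Print the archive path so the caller can record or copy it.
    printf '%s\n' "$archive"
}

# Typical call (commented out so sourcing this file has no side effects):
# backup_elasticspl_local "$SPLUNK_HOME" /secure/backups
```

To restore, extract the archive with `tar -xzf` into `$SPLUNK_HOME/etc/apps/SA-DP-elasticspl`.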