The War Room • Room 1

Installation & Prerequisites

Enterprise Security is installed as a **Splunk app** on the Search Head. In a distributed environment, it runs exclusively on a dedicated Search Head or Search Head Cluster (SHC).

Key prerequisites include: Splunk Enterprise 9.x+, a minimum of 64 GB RAM on the ES search head, and installation of the **Common Information Model (CIM)** add-on.

ES is deployed via the app management page or CLI: `splunk install app splunk-enterprise-security-*.spl`.

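CLI Install

```
$SPLUNK_HOME/bin/splunk install app splunk-enterprise-security-7.3.0.spl -auth admin:changeme
```

Credentials passed with `-auth` end up in shell history and the process list; when `-auth` is omitted, the CLI prompts for them instead.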
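A preflight check for the prerequisites listed above, added here as an example and not taken from the course or from Splunk. The function names are hypothetical, and it assumes the `splunk version` output shape shown in the comment, the `Splunk_SA_CIM` folder name for the CIM add-on, and a 5% allowance because the OS reports slightly less than the installed RAM.

```shell
#!/bin/sh
# Preflight checks for an ES search head. Inputs are passed as arguments so
# each check can be exercised with constructed values.

# es_version_ok "<output of 'splunk version'>": true when major version >= 9.
es_version_ok() {
    # Assumed shape: "Splunk 9.1.2 (build 0123456789ab)". A Universal
    # Forwarder banner does not match and is rejected.
    major=$(printf '%s\n' "$1" | sed -n 's/^Splunk \([0-9][0-9]*\)\..*/\1/p')
    [ -n "$major" ] && [ "$major" -ge 9 ]
}

# es_mem_ok <MemTotal in kB> [slack percent]: true when RAM meets 64 GB.
# MemTotal in /proc/meminfo is a little below installed RAM (kernel
# reservations), so a slack percentage is allowed (assumption: 5).
es_mem_ok() {
    need_kb=$((64 * 1024 * 1024))
    slack=${2:-5}
    floor_kb=$((need_kb * (100 - slack) / 100))
    [ "$1" -ge "$floor_kb" ]
}

# es_cim_present <apps dir>: true when the CIM add-on folder exists.
es_cim_present() {
    [ -d "$1/Splunk_SA_CIM" ]
}

# es_preflight <version string> <mem kB> <apps dir>: prints each failure
# and returns the number of failed checks (0 means ready to install).
es_preflight() {
    fails=0
    es_version_ok "$1" || { echo "FAIL: Splunk Enterprise 9.x+ required: $1"; fails=$((fails + 1)); }
    es_mem_ok "$2" || { echo "FAIL: less than 64 GB RAM: $2 kB"; fails=$((fails + 1)); }
    es_cim_present "$3" || { echo "FAIL: CIM add-on not found in $3"; fails=$((fails + 1)); }
    return "$fails"
}

# On a real search head the inputs would come from:
#   es_preflight "$("$SPLUNK_HOME/bin/splunk" version)" \
#     "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)" "$SPLUNK_HOME/etc/apps"

# Constructed sample values (not from a real host):
demo=$(mktemp -d) && mkdir "$demo/Splunk_SA_CIM"
es_preflight "Splunk 9.1.2 (build 0123456789ab)" 65800000 "$demo" && echo "preflight passed"
rm -rf "$demo"
```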

Knowledge Check

Question 1 of 1
Where should Splunk Enterprise Security be installed in a distributed environment?
A. On every indexer
B. On the deployment server
C. On a dedicated search head or search head cluster
D. On the universal forwarder