Splunk Enterprise Security requires a dedicated search head with no other apps installed. This is because ES is a resource-intensive application that may cause performance issues and conflicts with other apps. Installing ES on a search head with other apps may also result in data loss or corruption. Therefore, it is recommended to install ES on a clean search head with only the default built-in apps and the Common Information Model (CIM) app. The CIM app is a prerequisite for ES and provides a common language for describing data across domains and technologies. The other options, B, C, and D, are not correct. Installing ES on a search head with any other apps, including TA-* or CIM-compliant apps, is not supported and may cause problems. References =
Install Splunk Enterprise Security
Splunk Enterprise Security Installation and Upgrade Manual
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit