Version: 1.0.0

Installation

Standalone Search Head

  1. Install the provided .spl using the Web GUI or the CLI.
  2. Configure Elasticsearch instances and queries using the provided dashboards.

Search Head Cluster

  1. Unpack the provided .spl to $SPLUNK_HOME/etc/shcluster/apps on the deployer.
  2. Deploy the app bundle to the search head cluster.
  3. Configure Elasticsearch instances and queries using one of the search head cluster members.
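
Steps 1 and 2 of the search head cluster procedure, as an added example that is not part of the app's own documentation: it checks the archive's member names before unpacking on the deployer, so nothing lands outside the apps directory. The function names are hypothetical, the file name `app.spl`, `<member>` and `<management_port>` are placeholders, and it assumes the .spl is a gzip-compressed tar with a single top-level app directory.

```shell
#!/usr/bin/env bash
# Added example: vet a .spl before staging it on the deployer.
# Function names are hypothetical; they are not part of Splunk or of this app.

# names_are_safe: reads archive member names on stdin and fails if any is
# absolute or contains a ".." path component.
names_are_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# check_spl FILE: 0 if FILE lists cleanly, has only safe member names and
# exactly one top-level directory; 1 if a check fails; 2 if unreadable.
check_spl() {
    entries=$(tar -tzf "$1" 2>/dev/null) || return 2
    printf '%s\n' "$entries" | names_are_safe || return 1
    tops=$(printf '%s\n' "$entries" | sed 's|^\./||' | cut -d/ -f1 \
        | grep -v '^$' | sort -u | wc -l | tr -d ' ')
    [ "$tops" -eq 1 ]
}

# stage_spl FILE DEST: unpack FILE into DEST only if check_spl accepts it.
stage_spl() {
    check_spl "$1" || { echo "refusing to unpack $1" >&2; return 1; }
    tar -xzf "$1" -C "$2"
}

# On the deployer (step 1), with app.spl standing in for the provided file:
#   stage_spl app.spl "$SPLUNK_HOME/etc/shcluster/apps"
# Then push the bundle to the cluster (step 2); <member> and
# <management_port> are placeholders for one cluster member:
#   "$SPLUNK_HOME/bin/splunk" apply shcluster-bundle \
#       -target https://<member>:<management_port>
```
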