Installation

Initial Installation

Standalone Search Head

1. Install the provided .spl using the Web GUI or the CLI.
2. Configure buckets and queries using the provided dashboards

Search Head Cluster

1. Unpack the provided .spl to $SPLUNK_HOME/etc/shcluster/apps on the deployer
2. Deploy the app bundle to the search head cluster
3. Configure buckets and queries using one of the search head cluster members