You're very welcome!

For me, that's the easiest way. You can do it by command line or by the splunk gui. Just remember that through the gui, you can't install ES without changing a conf setting

Thank you

I may be mistaken, but my initial answer to your question is that your splunk account is not authorized to download Splunk Enterprise Security. ES is a paid app and you must pay for it through a splunk sales rep. Then they "entitle" your account so that you can download the app. If you're company has bought ES, you will need to find out who has the entitlement for the ES and they are able to download the app from splunkbase. If this is not the case, let me know.

@@lamecreations_guides I did't buy this soft. I hoped that i can test it in virtual area for expirience, writing rules for siem. Can I testing rules without ES adon?

@@paveltroshkin6887 I am not aware of any way of just downloading the rules without a subscription from ES. Some of the rules are kind of talked about with the free Security Essentials App. Hit me up on Discord and I can help you with a different way of testing out the rules.

I would like to make a video on this, but I have never done it, and I don't have a Search Head cluster available to perform this task. But hopefully I can help you with it in another way. docs.splunk.com/Documentation/ES/latest/Install/UpgradeEnterpriseSecuritySHC Maybe as I procure more hardware, I can get a SHC environment set up.

If anyone else sees this comment, feel free to add your two cents. The video is probably blurry because it is not being watched in high definition. On youtube, you should have an option in the bottom right of the video to change the video resolution. Move it to a higher resolution and you should be able to see the text a lot easier. I agree that at low resolution, the words are hard to read, but they seem pretty easy to read if you put in HD (at least that is what works for me)

@@lamecreations_guides Thanks for your reply and suggestions. Now I am able to read text easily.