Version: Atlas V2022.3.0

Platform Installation

Installation Requirements (On-Premises)

You should have the following artifacts and access to proceed:

  • Atlas License Key

  • Atlas Artifacts Zips (In SPL or tar.gz form)

  • Admin access to the designated Search Head

  • Atlas Logging Index

  • Splunk Ecosystem on Version 8.X.X

Installation Overview (On-Premises)

This guide will outline the steps required to install the Atlas Platform and how to perform basic Atlas Workflows. If you are installing on a Splunk Cloud Deployment, please switch to the "Splunk Cloud" tab.

  • If you are setting up the Atlas Element ES Helper, please visit the Atlas ES Helper page for installation instructions and requirements

  • If you are setting up the Atlas Element STIG Compliance, please visit the Atlas STIG Compliance page for installation instructions and requirements

Even with additional documentation and steps, getting Atlas up and running will take under two hours. The Atlas Platform comes paired with Expertise on Demand (EoD), and you are encouraged to reach out to EoD for Atlas installation support should you need help.


Q: Does Atlas change data?
A: No. Atlas does not manipulate your events.

Q: Does Atlas require public internet access?
A: No. Atlas can reside in an internal, closed off environment.

Q: Does Atlas leak or report on my data to third parties?
A: No. Atlas does not report, leak, or share your data with Kinney Group or third parties.

Q: How much computation does Atlas utilize?
A: Atlas comes with a single Scheduled Search that runs every hour. Beyond that, its dashboards use API calls and base searches to reduce impact when loaded. Atlas also provides tools to prioritize your concurrency issues, so it is geared to become a net positive on your environment.

Installing the Atlas Platform

  1. Take the Atlas Artifacts ZIPs. If you were given a single compressed file, un-zip the file so it becomes numerous sub-files. Each sub-file should be named related to an Atlas Element, such as Core, Search Library, Data Management, and so on. There may be anywhere from five to more than ten of these files.

    • Example: atlas_data_management-1.2.0.tar.gz
  2. Sign in as the Admin on the Splunk Search Box and navigate to ‘Manage Apps’.

  3. Select the "Install App from File" button located in the top right.

  4. Choose one of the Atlas Elements ZIPs identified in Step 1 (the order they are uploaded does not matter). Click "Upload". If you experience an issue, try selecting the “Upgrade App” checkbox and try again.


  5. Repeat Steps 3-4 with all the remaining elements. Make sure to keep track of which elements have yet to be installed.

    • Check your progress by searching “Atlas” on the Manage apps screen


  6. After all apps have been installed, click "Apps" and select "Atlas".


  7. A notice should appear notifying you that you need to configure Atlas. Click "Continue to Configurations" and it should take you to the Licensing Dashboard on Atlas Core.

  8. Paste your License into the box and click "Save". Ensure that when you copy the key, you don’t add any new lines or spaces.

  9. Your Atlas Applications should be ready to roll! If you have any issues, please reach out for Expertise On Demand.

Set Up Atlas Audit

Auditing is important for tracking use of Atlas’s many tools and automation, which can speed up Splunk actions. The Auditing feature helps Admins easily track their own and their users’ actions on the Atlas platform. This auditing does not share information with third parties and does not ‘reach out’ over the network. It remains entirely internal to the Splunk deployment, much like Atlas itself. Atlas logging should not take up more than 5 MB a day.

  1. Select Atlas Audit Index

    • Atlas Audit will use the Index identified on line 1 of the Atlas.conf file. This defaults to atlas_audit, which we recommend using.

    • If you wish to use a different name, or an already-in-use index, change this line to the selected index and skip Step 2.

    • Do not change the Source Type identified on line 6.

  2. Create Atlas Audit Index

    • Using your preferred index creation procedure, create the index on your search and index tiers with the name specified in Atlas.conf (step 1).
  3. Restart or Refresh Splunk to capture new logs

To test the logging feature, view the Data Utilization dashboard and select a Source Type-Index pair. Then visit the Atlas Audit dashboard on Core. It should show that the event has been logged.
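
One way to carry out step 2 with a configuration file, as an added example that is not taken from the Atlas documentation: an indexes.conf stanza for the default atlas_audit index. The paths follow Splunk's standard layout; the one-year retention and the 2 GB cap are assumptions sized from the 5 MB per day estimate above.

```ini
# indexes.conf (added example, not shipped with Atlas)
# Deploy to the index tier and the search tier, as step 2 requires.
# The stanza name must match the index named on line 1 of Atlas.conf.
[atlas_audit]
homePath   = $SPLUNK_DB/atlas_audit/db
coldPath   = $SPLUNK_DB/atlas_audit/colddb
thawedPath = $SPLUNK_DB/atlas_audit/thaweddb

# Assumption: keep audit events for 365 days (365 * 86400 seconds).
frozenTimePeriodInSecs = 31536000

# Assumption: cap the index at 2 GB. At roughly 5 MB per day, one year
# of logging is about 1825 MB, so the age limit above is reached first.
maxTotalDataSizeMB = 2048
```

If neither limit is set, the index inherits Splunk's default retention, so choose the period your audit policy calls for.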

Set Up Skipped Search Alert

Scheduling Assistant includes an alert that notifies search owners when their search has been skipping and provides them with a link to Scheduling Assistant so they can remedy this themselves.

  1. You must have email configured in your Splunk settings. If you are unsure if you have this configured, see the Splunk Docs.

  2. Navigate to “Searches, Reports, and Alerts” in the Splunk settings menu and find the “Atlas Skipped Search Alert”. Within the Email Message, there will be a URL. Edit the URL, replacing “localhost” with your Search Head name.

  3. Enable the alert and edit the schedule if desired.

    • The schedule is (0 0 * * *) by default.