System Requirements

Hardware/OS Platforms

Prelert Anomaly Detective for Splunk is supported on the following platforms:

  • Linux (x86 64-bit)
    • SuSE Enterprise 11, 12
    • RHEL 6.x, 7.x
    • CentOS 6.x, 7.x
    • Fedora 10+
    • Amazon Linux (latest)
    • Ubuntu 12+

The detailed Linux operating system library requirements are defined here.

  • Mac OS X (x86 64-bit)
    • 10.10 “Yosemite” (evals only)
    • 10.11 “El Capitan” - requires Splunk 6.3.3 or higher (evals only)
  • Windows (x86 64-bit)
  • Solaris (x86 64-bit)
    • 11.3+

If your platform is supported by Splunk (including the KV store), but not Prelert, please contact for further information.

As of version 4.2, support for Windows 7, Windows Server 2008, Solaris 10 and Mac OS X 10.9 “Mavericks” is removed. Additionally support for Windows Server 2008 R2 is deprecated.

Splunk Versions

Anomaly Detective requires the KV Store to be enabled and is supported with the following Splunk versions:

  • 6.2.x
  • 6.3.x
  • 6.4.x

Hunk Versions

Anomaly Detective is supported with the following Hunk versions:

  • 6.2.x

Note: Supported for time-ordered data only. Customers wishing to evaluate and use Anomaly Detective with Hunk are requested to contact Prelert to discuss best practice configuration, analysis optimization and to ensure support for your configuration.

Memory Requirements

An 8GB limit is set by default as the maximum model size per search. This value may be changed by creating/editing the file etc/apps/prelert/local/prelertlimits.conf and adding a section as follows:

# Maximum allowed memory used by the internal models before further analysis
# that would increase memory usage is halted. In MiB.
modelmemorylimit = 16384

Once this limit is reached, modeling for existing entities will continue; however new entities will be ignored to ensure that resources limits are not exceeded.

Client Browsers

  • Internet Explorer 11 - not supported when running in compatibility mode
  • Firefox latest version
  • Chrome latest version
  • Safari latest version

Linux Library Requirements

This section is provided in order to fully document the Linux operating system libraries that are required by the Prelert Anomaly Detective Splunk App.

If you are running on a supported Linux distribution containing all the packages that constitute a minimal install, then the following libraries will be available and no further action is required.

If you are running on a custom Linux distribution then the required Linux operating system libraries are listed below:


Note: On an Ubuntu-like distribution the libraries may be in /lib/x86_64-linux-gnu and /usr/lib/x86_64-linux-gnu rather than /lib64 and /usr/lib64; this is fine too.

In addition the glibc version must be at least version 2.9. You can check this by running the command:

> /sbin/ldconfig --version

You will see output similar to this:

ldconfig (GNU libc) 2.9
Copyright (C) 2008 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
Written by Andreas Jaeger.

The C++ runtime shared library version must be at least 6.0.10. You can check by running the command:

> ls -l /usr/lib64/