Additional Splunk Components
A Splunk deployment can include the following additional components:
- Deployment Server
- Cluster Master
- License Master
Standalone Deployment
This deployment runs on a single server, and all the functions it needs reside on that same server:
- Searching
- Indexing
- Parsing
- Input
It is recommended to have one test or dev setup at your site.
A basic Splunk deployment
This setup includes the Splunk server, which handles the same functions as in a standalone deployment; in this case, however, all the input is ingested from the forwarders.
The forwarders collect the data and then send it to the Splunk server. They are installed on the servers from which the data is collected.
A basic deployment suits organizations that index less than 20 GB per day, have under 20 users, and run a small number of forwarders.
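The forwarder-to-server link described above is set up in a few configuration stanzas on each side. The following is an added example, not configuration from the original article; the host name, monitored path, and certificate paths are placeholders, and it assumes the link is protected with TLS rather than sent in plaintext.

```ini
# --- Forwarder: $SPLUNK_HOME/etc/system/local/inputs.conf ---
# What to collect on the monitored server (sample path and sourcetype).
[monitor:///var/log/secure]
index = main
sourcetype = linux_secure

# --- Forwarder: $SPLUNK_HOME/etc/system/local/outputs.conf ---
[tcpout]
defaultGroup = splunk_server

[tcpout:splunk_server]
# Placeholder host name for the Splunk server; 9997 is the usual receiving port.
server = splunk.example.internal:9997
# Present a client certificate and validate the server's certificate.
# Add sslPassword if the private key in the PEM file is encrypted.
clientCert = $SPLUNK_HOME/etc/auth/mycerts/forwarder.pem
sslVerifyServerCert = true
sslCommonNameToCheck = splunk.example.internal

# --- Splunk server: $SPLUNK_HOME/etc/system/local/inputs.conf ---
# Receive forwarder traffic over TLS.
# The plaintext equivalent would be [splunktcp://9997].
[splunktcp-ssl:9997]
disabled = 0

[SSL]
serverCert = $SPLUNK_HOME/etc/auth/mycerts/server.pem
# Only accept forwarders that present a certificate signed by the trusted CA.
requireClientCert = true

# --- Both sides: $SPLUNK_HOME/etc/system/local/server.conf ---
# CA bundle used to validate the peer's certificate (placeholder path).
[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/mycerts/ca.pem
```

With the plaintext listener, anything on the network path can read or inject events, so the TLS stanzas are worth setting up even in a test or dev deployment.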
Splunk Multi-Instance Deployment
This installation or deployment model will help scale the collection and indexing of data
Deployment where you need to Increase Capacity
In this case, there is a cluster to manage all the search heads. It includes a few more items/servers/instances that allow load balancing of configurations and searches.
Splunk Deployment – Index Cluster
This deployment helps to replicate data, prevent data loss, promote availability, and manage multiple indexers. Non-replicating index clusters offer simplified management but do not provide availability or data recovery.
What is next?
Feeding data to Splunk
About the Author:
Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 15 years of experience, Andres specializes in Unified Communications and Collaboration technologies. He has consulted for several companies in South Florida, and also for financial institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations of Cisco technologies such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.