As I continue being exposed to Splunk in the wild as well as in class 🙂 – I decided to write a bit on the class that I just took.
The System Administrator Class
This class is one of the many requirements to become a Splunk Certified Architect, which is what I’m going for in the next couple of months. This class, along with the Data Administration one, is required in order to take the Administration exam.
- Splunk Deployment Overview
- License Management
- Splunk Applications
- Splunk Configuration Files
- Splunk Indexers
- Splunk Index Management
- Splunk User Management
- Distributed Search and Drag
The class is very nice and the instructor was very knowledgeable; I appreciate that he was very detailed. As in their Fundamentals on-demand classes, you get a glimpse of the installation and of what the components of the solution are. I was very impressed by how the solution really scales up to provide excellent visibility into the data. At some point I was thinking about how many software engineers they have assigned to the support of the product.
The 4 stages of a Splunk deployment
Splunk can be deployed as a standalone server or as a distributed server infrastructure. The four stages are:
- Input any text data
- Parse the data into events
- Index and store events
- Search and report
A basic deployment of Splunk
This is very similar to a standalone server, which you would use to test and to practice search queries. The basic deployment adds one more component: forwarders (your production servers), which you manage from your Splunk installation.
A distributed deployment
This is where things start to scale, and there are many reasons why you would configure a distributed deployment in the first place: the size of your data, the number of forwarders, the users accessing the data, and so on.
In a nutshell, you guessed it, the 4 stages can be distributed across different servers that share the load of these functions.
What is next?
Next I will break down the functions of each of the servers/services required for a distributed deployment.
About the Author:
Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 15 years of experience, Andres specializes in Unified Communications and Collaboration technologies. He has consulted for several companies in South Florida, and also for financial institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.