Splunk enterprise dfs

1/7/2024

You can integrate Splunk into your Windows environment in any number of ways. This topic discusses some of those scenarios and offers guidelines on how to best adapt your Splunk for Windows deployment to your enterprise.

While this topic is geared more toward deploying Splunk in a Windows environment, Splunk itself also has distributed deployment capabilities that you should be aware of, even as you integrate it into your Windows enterprise. The Distributed Deployment Manual has lots of information on spreading Splunk services across a number of computers.

When deploying Splunk on Windows on a large scale, you can rely completely on your own deployment utilities (such as System Center Configuration Manager or Tivoli/BigFix) to place both Splunk and its configurations on the machines in your enterprise. Or, you can integrate Splunk into system images and then deploy Splunk configurations and apps using Splunk's deployment server.

When you deploy Splunk into your Windows network, it captures data from the machines and stores it centrally. Once the data is there, you can search and create reports and dashboards based on the indexed data. More importantly, for system administrators, Splunk can send alerts to let you know what is happening as the data arrives.

In a typical deployment, you dedicate some hardware to Splunk for indexing purposes, and then use a combination of universal forwarders and Windows Management Instrumentation (WMI) to collect data from other machines in the enterprise.

Deploying Splunk in a Windows enterprise requires a number of planning steps.

First, you must inventory your enterprise, beginning at the physical network, and leading up to how the machines on that network are individually configured:

- Counting the number of machines in your environment and defining a subset of those which need Splunk installed. Doing this defines the initial framework of your Splunk topology.
- Calculating your network bandwidth, both in your main site and at any remote or external sites. Doing this determines where you will install your main Splunk instance, and where and how you will use Splunk forwarders.
- Assessing the current health of your network, particularly in areas where networks are separated. Making sure your edge routers and switches are functioning properly will allow you to set a baseline for network performance both during and after the deployment.

Then, you must answer a number of questions prior to starting the deployment, including:

- What data on your machines needs indexing? What part of this data do you want to search, report, or alert across? This is probably the most important consideration to review. The answers to these questions determine how you address every other consideration. It determines where to install Splunk, and what types of Splunk you use in those installations. It also determines how much computing and network bandwidth Splunk will potentially use.
- How is the network laid out? How are any external site links configured? What security is present on those links? Fully understanding your network topology helps determine which machines you should install Splunk on, and what types of Splunk (indexers or forwarders) you should install on those machines from a networking standpoint. A site with thin LAN or WAN links makes it necessary to consider how much Splunk data should be transferred between sites. For example, if you have a hub-and-spoke type of network, with a central site connected to branch sites, it might be a better idea to deploy forwarders on machines in the branch sites, which send data to an intermediate forwarder in each branch. Then, the intermediate forwarder would send data back to the central site. This is a less costly move than having all machines in a branch site forward their data to an indexer in the central site.
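The hub-and-spoke layout described above, written out as Splunk .conf fragments; this is an added example, not text from the page or from Splunk's own documentation. It shows a branch universal forwarder sending only to its branch's intermediate forwarder, the intermediate forwarder accepting TLS-only connections and relaying to the central indexers, and a throughput cap for the thin WAN link. Host names, port, certificate paths and the 256 KBps value are assumed placeholders, and the setting names are taken from the outputs.conf, inputs.conf and limits.conf specs (they vary somewhat between Splunk versions, so check the spec for the version you run).

```ini
# --- Branch machine (universal forwarder): outputs.conf ---
# Send only to the intermediate forwarder in this branch, so the
# branch's data crosses the WAN once instead of once per machine.
# Splunk .conf files do not allow trailing comments after a value,
# so every comment here sits on its own line.
[tcpout]
defaultGroup = branch_intermediate

[tcpout:branch_intermediate]
# placeholder host name
server = fwd-branch1.example.local:9997
# encrypt the LAN hop and refuse a spoofed receiver
useSSL = true
sslVerifyServerCert = true
# wait for indexer acknowledgement so queued data is not silently lost
useACK = true

# --- Branch machine (universal forwarder): limits.conf ---
# Cap outbound throughput so a burst of Windows event logs cannot
# saturate a thin link; tune to the bandwidth you measured.
[thruput]
maxKBps = 256

# --- Intermediate forwarder: inputs.conf ---
# Accept connections from branch forwarders over TLS only.
[splunktcp-ssl:9997]
disabled = 0

[SSL]
# placeholder certificate path
serverCert = $SPLUNK_HOME/etc/auth/fwd-branch1.pem
# only forwarders presenting a certificate from our CA may connect
requireClientCert = true

# --- Intermediate forwarder: outputs.conf ---
# One outbound stream per branch back to the central site's indexers,
# load-balanced across the listed indexers.
[tcpout]
defaultGroup = central_indexers

[tcpout:central_indexers]
server = idx1.central.example.local:9997, idx2.central.example.local:9997
useSSL = true
sslVerifyServerCert = true
useACK = true
# compress the WAN hop to reduce bytes crossing the site link
compressed = true
```

The `[splunktcp-ssl:9997]` listener on the intermediate forwarder, combined with `useSSL` on the senders, answers the "what security is present on those links?" question above for the Splunk traffic itself; the `compressed` and `maxKBps` settings are the knobs that address the thin-link bandwidth concern.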