Splunk Series: Splunk Deployments

Addition Splunk Components

There are additional components for a Splunk deployment, here is a list

  • Deployment Server
  • Cluster Master
  • License Master

UntitledImage

Standalone Deployment

This deployment is only in 1 server, and all functions needed for this deployment reside on the same server

  • Searching
  • Indexing
  • Parsing
  • Input

UntitledImage

It is recommended to have 1 test or dev set up at your site

A basic Splunk deployment

This setup includes the Splunk Server which will be handling the same functions as a Standalone deployment, however, in this case, all the input is ingested from the Forwarders

UntitledImage

The forwarders collect the data and then it sends it to the Splunk server. The forwarders are installed on the servers that will collect all the data

A basic deployment for organizations should be able to index less than 20GB per day, under 20 Users and a small number of forwarders

Splunk Multi-Instance Deployment

This installation or deployment model will help scale the collection and indexing of data
UntitledImage

Deployment where you need to Increase Capacity

In this case, there will be a cluster to manage all the Search Head, it includes few more items/servers/instances that allow loading balance configurations and searches

UntitledImage

Splunk Deployment – Index Cluster

This deployment helps to replicate data, prevent data loss, promote the availability and manage multiple indexers. Non-replicating index clusters offer simplified management and do not provide availability or data recovery.

UntitledImage

What is next?

Feeding data to Splunk

About the Author:

Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 15 years of experience, Andres is specialized in Unified Communications and Collaboration technologies. Consulted for several companies in South Florida, also Financial Institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies; such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.

You can follow Andres using Twitter, LinkedIn or Facebook

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.