Working on a fresh install of Stream into an on-prem distributed environment with a small number of endpoints. I'm not sure where to install and operate Stream from and I've seen differing instructions from 2019-present.
Is the current best practice to install and operate Stream from a standalone server or install and run from the deployment server?
This doesn't help, what I need to know is if there is a best practice for using a separate server for stream or using a deployment server.
but I'm not sure where that break point is between separate server and just using a deployment server ///
well,.. in simple terms, your question is... "separate server or just using a deployment server?"
its a very complex question and this depends "soo many factors"...
1) its performance,
2) average load,
3) ur plan about how your Splunk system will be in an year and in 5 years, etc
4) importantly, the budget constraints.
---- if you want to push Splunk to its bottleneck and also get good Return on Investment(ROI), then simply go with just using a deployment server, not a separate server for stream.
---- on the other hand, if you can afford moneywise, it is simply best to use a separate server for each functionality... for example common system for base Splunk and separate servers for ES, ITSI, Observability, Stream, etc..
hope its clear now, thanks.
may i know if this resolves your query, if not please let us know some more details about query, thanks.
This doesn't help, what I need to know is if there is a best practice for using a separate server for stream or using a deployment server.
Per the below article they use a separate server, but I'm not sure where that break point is between separate server and just using a deployment server. I'm leaning toward using a separate server, but the article I'm linking to is from 2019, so I don't know if it's still the recommended way to do it.
This doesn't help, what I need to know is if there is a best practice for using a separate server for stream or using a deployment server.
but I'm not sure where that break point is between separate server and just using a deployment server ///
well,.. in simple terms, your question is... "separate server or just using a deployment server?"
its a very complex question and this depends "soo many factors"...
1) its performance,
2) average load,
3) ur plan about how your Splunk system will be in an year and in 5 years, etc
4) importantly, the budget constraints.
---- if you want to push Splunk to its bottleneck and also get good Return on Investment(ROI), then simply go with just using a deployment server, not a separate server for stream.
---- on the other hand, if you can afford moneywise, it is simply best to use a separate server for each functionality... for example common system for base Splunk and separate servers for ES, ITSI, Observability, Stream, etc..
hope its clear now, thanks.
Thank you, this helps. Just wanted to make sure there wasn't any newer recommended way to setup Stream. I'll proceed with a standalone server.