All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Best Practice for Splunk Stream Install Location

mikefg
Communicator
‎07-21-2022 10:03 AM

Working on a fresh install of Stream into an on-prem distributed environment with a small number of endpoints. I'm not sure where to install and operate Stream from and I've seen differing instructions from 2019-present.

Is the current best practice to install and operate Stream from a standalone server or install and run from the deployment server?

Labels (1)
Labels
Reply
1 Solution
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎07-22-2022 02:29 PM

This doesn't help, what I need to know is if there is a best practice for using a separate server for stream or using a deployment server.
but I'm not sure where that break point is between separate server and just using a deployment server ///


well,.. in simple terms, your question is... "separate server or just using a deployment server?"

its a very complex question and this depends "soo many factors"...

1) its performance,
2) average load,
3) ur plan about how your Splunk system will be in an year and in 5 years, etc
4) importantly, the budget constraints. 


---- if you want to push Splunk to its bottleneck and also get good Return on Investment(ROI), then simply go with just using a deployment server, not a separate server for stream. 

---- on the other hand, if you can afford moneywise, it is simply best to use a separate server for each functionality... for example common system for base Splunk and separate servers for ES, ITSI, Observability, Stream, etc..

hope its clear now, thanks. 

 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !

View solution in original post

0 Karma
Reply
Solved! Jump to solution

inventsekar
SplunkTrust
SplunkTrust
‎07-21-2022 12:04 PM

Hi @mikefg ... As per the documentation at https://docs.splunk.com/Documentation/StreamApp/8.1.0/DeployStreamApp/InstallSplunkAppforStreaminadi...

Install Splunk App for Stream on search heads

  2. Click Download. The installation package downloads to your local host.
  3. Log into Splunk Web.
  4. Go to the command line and untar the installation file to SPLUNK_HOME/etc/apps/.
  5. Restart Splunk Enterprise, if prompted. This installs the Splunk App for Stream (Splunk_app_stream) in $SPLUNK_HOME/etc/apps.

may i know if this resolves your query, if not please let us know some more details about query, thanks. 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Solved! Jump to solution

mikefg
Communicator
‎07-21-2022 12:15 PM

This doesn't help, what I need to know is if there is a best practice for using a separate server for stream or using a deployment server.

Per the below article they use a separate server, but I'm not sure where that break point is between separate server and just using a deployment server. I'm leaning toward using a separate server, but the article I'm linking to is from 2019, so I don't know if it's still the recommended way to do it.


https://www.splunk.com/en_us/blog/tips-and-tricks/installing-and-managing-splunk-stream-in-a-distrib...

0 Karma
Reply
Solved! Jump to solution
Solution

inventsekar
SplunkTrust
SplunkTrust
‎07-22-2022 02:29 PM

This doesn't help, what I need to know is if there is a best practice for using a separate server for stream or using a deployment server.
but I'm not sure where that break point is between separate server and just using a deployment server ///


well,.. in simple terms, your question is... "separate server or just using a deployment server?"

its a very complex question and this depends "soo many factors"...

1) its performance,
2) average load,
3) ur plan about how your Splunk system will be in an year and in 5 years, etc
4) importantly, the budget constraints. 


---- if you want to push Splunk to its bottleneck and also get good Return on Investment(ROI), then simply go with just using a deployment server, not a separate server for stream. 

---- on the other hand, if you can afford moneywise, it is simply best to use a separate server for each functionality... for example common system for base Splunk and separate servers for ES, ITSI, Observability, Stream, etc..

hope its clear now, thanks. 

 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Reply
Solved! Jump to solution

mikefg
Communicator
‎07-25-2022 07:22 AM

Thank you, this helps. Just wanted to make sure there wasn't any newer recommended way to setup Stream. I'll proceed with a standalone server.

Reply
Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...
Top