All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Cloud app/add-ons installs & search heads

TimmL
Engager
‎03-29-2021 11:41 AM

Hello!

We are new to Splunk Cloud and have a question about installing app/add-ons that we couldn't find definitive information on in the documentation.

We have 3 instances, IDM, Search head 1, and Search head 2 which is our Enterprise Security (ES) instance.

Which one is the indexer? The IDM instance is a sort of Heavy forwarder correct?

When installing apps such as the 'Splunk Add-on for F5 BIG-IP' or the 'Cloudflare App for Splunk' the instructions say to install on the search head(s), Should they be installed on Both search heads? Or just one? What are the advantages or disadvantages of either?

Sorry for the barrage of questions but we are having trouble wrapping our head around how these instances all work together and how the apps interact.
Thanks!

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎03-29-2021 02:06 PM

Your Splunk Cloud indexers are there, but are mostly hidden.  Of the three instances listed, none is an indexer since one of them is an IDM (similar to an HF) and the others are search heads.

When installing apps, just install them on the SH where they will be used.  Splunk Cloud will know which pieces of the app need to be on the indexers and will install them there as well.

Since ES can be a resource hog, only install an app on that search head if it needs to be used with ES.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎03-29-2021 02:06 PM

Your Splunk Cloud indexers are there, but are mostly hidden.  Of the three instances listed, none is an indexer since one of them is an IDM (similar to an HF) and the others are search heads.

When installing apps, just install them on the SH where they will be used.  Splunk Cloud will know which pieces of the app need to be on the indexers and will install them there as well.

Since ES can be a resource hog, only install an app on that search head if it needs to be used with ES.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

TimmL
Engager
‎03-29-2021 02:56 PM

Great thank you thats exactly what we were looking for!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...