All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Cloud app/add-ons installs & search heads

TimmL
Engager
‎03-29-2021 11:41 AM

Hello!

We are new to Splunk Cloud and have a question about installing app/add-ons that we couldn't find definitive information on in the documentation.

We have 3 instances, IDM, Search head 1, and Search head 2 which is our Enterprise Security (ES) instance.

Which one is the indexer? The IDM instance is a sort of Heavy forwarder correct?

When installing apps such as the 'Splunk Add-on for F5 BIG-IP' or the 'Cloudflare App for Splunk' the instructions say to install on the search head(s), Should they be installed on Both search heads? Or just one? What are the advantages or disadvantages of either?

Sorry for the barrage of questions but we are having trouble wrapping our head around how these instances all work together and how the apps interact.
Thanks!

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎03-29-2021 02:06 PM

Your Splunk Cloud indexers are there, but are mostly hidden.  Of the three instances listed, none is an indexer since one of them is an IDM (similar to an HF) and the others are search heads.

When installing apps, just install them on the SH where they will be used.  Splunk Cloud will know which pieces of the app need to be on the indexers and will install them there as well.

Since ES can be a resource hog, only install an app on that search head if it needs to be used with ES.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎03-29-2021 02:06 PM

Your Splunk Cloud indexers are there, but are mostly hidden.  Of the three instances listed, none is an indexer since one of them is an IDM (similar to an HF) and the others are search heads.

When installing apps, just install them on the SH where they will be used.  Splunk Cloud will know which pieces of the app need to be on the indexers and will install them there as well.

Since ES can be a resource hog, only install an app on that search head if it needs to be used with ES.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

TimmL
Engager
‎03-29-2021 02:56 PM

Great thank you thats exactly what we were looking for!

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...