Re: Splunk Setup on Local Machine (Laptop)

pandabkpanda · ‎08-11-2017

Hi,

I am very new to Splunk. I will be working on a Splunk PoC next week and hence I want to install and set up Splunk Free trial on my local machine (a laptop running on Windows 8).

What would be the best way to set up the Splunk ? Which option shall I choose - whether as a Forwarder or Indexer or Search Head ?

Can you please help with this ?

Thanks in advance!

m7787579 · ‎08-11-2017

Hi pandabkpanda,

You simply have to go to Splunk.com and click on Free trial and after that install Splunk Enterprise Edition.
You don't need to worry about whether to install it as Forwarder or Indexer or Search Head.
As you are new just go with default options and start Splunking.

You will get the free license which lets you index up to 500 MB per day and will never expire.

Regards,

skoelpin · ‎08-11-2017

There's 2 installs of Splunk which are Splunk Enterprise and the Splunk Universal Forwarder. the Splunk enterprise install encompasses your indexer, search head, deployment server etc..

So to answer your question, you should install Splunk enterprise. You should then install the universal forwarder on remote machines which will then forward data to Splunk enterprise. To start, you should install a non-distributed environment of Splunk, also known as a stand-alone setup. Once you install Splunk, you can have full enterprise features as it will be the trial version but will e restricted to indexing 500MB per day. After 60 days your trial version will roll into the Splunk free version

http://docs.splunk.com/Documentation/Splunk/6.6.2/Installation/ChoosetheuserSplunkshouldrunas

Splunk Setup on Local Machine (Laptop)

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?