I'm putting together materials for new users to our Splunk Enterprise environment. Can you point me toward some resources to get new users acquainted with Splunk Enterprise basic anatomy and function?
Here's a basic Splunk Enterprise 101 to get your new users on the right track.
Note: This answer applies to Splunk Enterprise and Splunk Cloud.
Splunk Enterprise is a flexible data analytics platform that enables users to quickly analyze and share discoveries about data. Splunk scales to meet your needs, from a single-instance sandbox for testing out ideas, to a fully distributed enterprise data center with advanced security, and anywhere in between.
Splunk Enterprise has three functional components: forwarders, indexers, and search heads.
If you have Splunk Cloud, you won't need to worry about the configuration of these components, but understanding what they do will help you as you search and optimize data with Splunk Cloud.
Each component is a Splunk instance configured with just the functional parts it needs to fulfill its role. A stand-alone Splunk deployment on a single server can host all Splunk functions in a single installation. A distributed Splunk deployment on multiple servers can have multiple indexers and search heads deployed, configured, and load balanced across multiple forwarders in multiple locations. Even geographically distributed deployments extend these three functional components.
Splunk Enterprise uses a simple, tiered data structure to ingest and organize your data for easy and efficient searching on its way through the Splunk data pipeline.