Solved: Re: Splunk Architecture with two IP addresses

rubeniturrieta · ‎10-01-2015

Hi to everyone

It makes sense to have a Splunk Architecture, with machines with two addresses?

For example:

1 Indexer with 1 address for web access, and another address for receive syslog

Another example:

1 indexer with 1 address for web access, and another address for index replication

Thanks in advance

Regards

Yasaswy · ‎10-01-2015

Hi.. As long as you have needed flexibility from Networking and Systems administration side, the above setup can be done. I don't think there would be big performance advantages (assuming your network is overall well managed) by this. However from a process/implementation standpoint I can see how this might make things better regulated for certain environments. I would imagine this naturally adds a bit to administrative overhead and will also add additional factors to consider when trouble shooting issues (clustering/data loss).

View solution in original post

Yasaswy · ‎10-01-2015

Hi.. As long as you have needed flexibility from Networking and Systems administration side, the above setup can be done. I don't think there would be big performance advantages (assuming your network is overall well managed) by this. However from a process/implementation standpoint I can see how this might make things better regulated for certain environments. I would imagine this naturally adds a bit to administrative overhead and will also add additional factors to consider when trouble shooting issues (clustering/data loss).

rubeniturrieta · ‎10-01-2015

Ok, thanks you Yasaswy

Splunk Architecture with two IP addresses

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes