Adding Windows Servers In Splunk

smitagasti
New Member

Hi,
So my organization uses Splunk Enterprise and I have just started learning. I need to ask a question: I need to add around 4000+ servers in Splunk Enterprise so that my team can view some crucial metrics and data along with reports such as Reboot, CPU/Memory Usage, Drive Alert and all the other crucial data in a single frame. So is it technically possible, and if yes, how? They are all in different regions and they are in different environments such as Production, Corporate, Stage, Development, etc. Anyone can reach out to me at smit.agasti10@gmail.com. It would be great if someone could help, and be mindful I am a total rookie.

PickleRick
SplunkTrust

As @gcusello pointed out, this looks like a significantly sized project which would be best performed with the help of skilled professionals. Deploying forwarders is one thing, but making sure all your environment is properly architected and you're really getting the data you want is another thing.

Also, please note that this is a community where people share their knowledge for common good. It is not an advertising board (both for providing services and seeking them).

So the advice is: go to https://partners.splunk.com/solutionscatalog/, find a partner near you and engage this partner.

gcusello
SplunkTrust

@smitagasti,

Your requirement is an interesting challenge for an absolutely large but normal project in Splunk.

But it is also a great project that requires a punctual requirements definition and design.

So at first my hint is to find a Splunk Partner (if you are in Italy, I can help you) that can follow you in these two main phases and then in the implementation, but anyway it cannot be considered a project for rookies.

At the same time, it could be a good idea for you to start following the first training courses on Splunk to understand how Splunk works, Splunk architectures, and what data to ingest in Splunk and how. For more info you can see the Splunk YouTube channel at https://www.youtube.com/@Splunkofficial and here https://www.splunk.com/en_us/training/course-catalog.html?sort=Newest&filters=filterGroup1FreeCourse... .

Anyway, the first thing is to define a monitoring perimeter, defining in an Excel file the list of the systems to monitor, understanding the operating systems and so defining the Splunk Universal Forwarders to use.

I didn't understand if you have already implemented Splunk or not; if not, you have to design your architecture starting from the main features (HA or not, network segmentation, etc.) and the volume of data to index.

Ciao.

Giuseppe
