
Build out of Test Environment Recommendations\Best Practices


Hey All,

I am looking to revamp our Splunk test environment and build a new one from scratch that better suits our needs. Our production environment consists of both a search head cluster and an indexer cluster along with all of the other various Splunk components. I would love to replicate our clusters on a smaller scale to ensure our test environment pretty closely mirrors production. It appears, though, that the Dev/Test License doesn't support clustering. Does anyone have any recommendations on how to best go about it? I can set up standalone instances with no problem; I'm just curious how others have addressed this, as newer versions of Splunk sometimes make changes to clustering services and I want to ensure they are close to 100% tested before production upgrades.

Also, what's the best way to get test data into the test environment? Is the best route to just forward some data from production? Is there a way to mask the data or a way to create dummy data?

Thanks in advance!





The easiest way is to automate the build of your test environment (e.g. with Ansible) and then use trial licenses locally. Those also allow clustering, but not LM usage.

Personally, I avoid using production data (even masked/anonymized). I prefer to take some (system/integration) test environment data for that purpose. You could also use any test data generation systems if you have those in use.

r. Ismo
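
One way to create dummy data without touching production, as an added example that is not part of the thread or of any Splunk tooling: a seeded generator that writes synthetic authentication events as key=value lines, with periodic failed-login bursts so detection searches have something to match. The field names, host name, account names and output file name are assumptions; source addresses come from the RFC 5737 documentation ranges.

```python
import random
from datetime import datetime, timedelta, timezone

# Constructed sample values: RFC 5737 documentation ranges and made-up
# account names, so nothing here can originate from a production system.
DOC_NETS = ["192.0.2", "198.51.100", "203.0.113"]
USERS = ["alice", "bob", "svc_backup", "test_admin"]
ACTIONS = [("login", "success"), ("login", "failure"), ("logout", "success")]


def generate_events(count, start, seed=0, burst_every=25, burst_len=5):
    """Return `count` synthetic auth events as key=value lines.

    Every `burst_every` events, a run of `burst_len` failed logins from one
    source is emitted so that detection searches have something to match.
    """
    rng = random.Random(seed)  # seeded: the same input gives the same data set
    events, ts = [], start
    while len(events) < count:
        ts += timedelta(seconds=rng.randint(1, 30))
        src = f"{rng.choice(DOC_NETS)}.{rng.randint(1, 254)}"
        user = rng.choice(USERS)
        if events and len(events) % burst_every == 0:
            batch = [("login", "failure")] * burst_len
        else:
            batch = [rng.choice(ACTIONS)]
        for action, result in batch:
            if len(events) == count:
                break
            ts += timedelta(seconds=1)
            events.append(
                f"{ts.strftime('%Y-%m-%dT%H:%M:%S%z')} host=test-app01.example.com "
                f"app=authsvc user={user} src={src} action={action} result={result}"
            )
    return events


def write_events(path, events):
    """Write events one per line to a file a test instance could ingest."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("\n".join(events) + "\n")


if __name__ == "__main__":
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    write_events("synthetic_auth.log", generate_events(200, start))
```

Because the generator is seeded, the same data set can be regenerated before and after an upgrade and the search results compared.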
