I am looking to revamp our Splunk test environment and build a new one from scratch that better suits our needs. Our production environment consists of both a search head cluster and an indexer cluster along with all of the other various Splunk components. I would love to replicate our clusters on a smaller scale to ensure our test environment pretty closely mirrors production. It appears, though, that the Dev/Test License doesn't support clustering. Does anyone have any recommendations on how to best go about it? I can set up standalone instances with no problem; I'm just curious how others have addressed this, as newer versions of Splunk sometimes make changes to clustering services and I want to ensure they are close to 100% tested before production upgrades.
Also, what's the best way to get test data into the test environment? Is the best route to just forward some data from production? Is there a way to mask the data or a way to create dummy data?
The easiest way is to automate the build of your test environment (e.g. with Ansible) and then use trial licenses locally. Those also allow clustering, but not LM usage.
Personally, I avoid using production data (even masked/anonymized). I prefer to take some (system/integration) test environment data for that purpose. You could also use any test data generation systems if you have those in use.