I need to build Splunk Distributed Environment, how should i configure the different components. I have License/Cluster Master, Indexers, search head and Deployment Server.
I am thinking of below chronology,
1. License/Cluster Master/Deployment Server
2. Indexers
3. search head
4. Heavy Forwarder
Is it right enough, or is there a better way? Also what precautions/prequisite should i keep in mind while deploying all these?
Hi @sarwshai,
The order you defined it's correct, I'd change only Deployment Server:
Only some little hints:
Ciao.
Giuseppe
Hi @sarwshai,
The order you defined it's correct, I'd change only Deployment Server:
Only some little hints:
Ciao.
Giuseppe
Thanks for the suggestion, one point to clarify. I am planning to configure DS on License/Cluster master itself due to hardware restrictions, will it work smoothly (because planning to keep all managment roles under one server)
Hi @sarwshai,
No: Deployment Server must be on a dedicated server when it manages more than 50 clients and anyway never can be shared with the Master Node.
You can find more infos at https://docs.splunk.com/Documentation/Splunk/8.0.1/Updating/Planadeployment#Deployment_server_and_ot... .
When you'll use a Search Head Cluster, you'll be able to configure Deployer on Master Node, but Deployment Server is an Heavy roale and cannot use shared hardware (when more than 50 clients to manage).
Ciao.
Giuseppe
Thanks @gcusello for the info.
@gcusello , still have one doubt, can i configure DS on Heavy Forwarder instead of License/Cluster master
I don't like it! but if you cannot use a dedicated server (better!).
Ciao.
Giuseppe