Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Deployment Server License Calculation: Will my architecture requires Heavy Forwarder?

Atchyuth_P
Path Finder
‎04-11-2023 12:05 PM

Hi Team,

In my environment we made the Deployment Server as License Master as well. Current Architecture

1 - Search Head

1 - Indexer 

1 - Deployment Server

2 - Universal Forwarders

I am planning to implement Master as well for the current architecture. Will my architecture requires Heavy Forwarder?

Addition to the above, If I am implementing HF is there an impact and also like to understand how the deployment pipeline works

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎04-11-2023 11:34 PM

Hi @Atchyuth_P,

as @woodcock said, in general there's no requirement to use an HF in your architecture.

Usually HFs are used as concentrators when you want to reduce the open routes between a segregated network and an external Splunk or when you have to pull logs from Cloud Service Providers.

About the License Master, I usually don't install it on the Deployment Server because, if it has to manage more than 50 clients, it must be on a dedicated Server.

I usually put the License Master on the Master Node or on the Monitoring Console, in your case I'd put it on the Indexer.

Ciao.

Giuseppe

0 Karma
Reply

woodcock
Esteemed Legend
‎04-11-2023 01:11 PM

There is no reason to add UF until you know that you need to.

0 Karma
Reply

Atchyuth_P
Path Finder
‎04-11-2023 06:59 PM

Hi @woodcock 

Agree. We have data  sources(database server) which needs to be parsed for that reason need HF I am planning to introduce a intermediate forwarder in between. Just want to know will it cause an impact.

Pls have a look into my first question.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...