Hi All, I am planning to create a Distributed Shared search head pooling setup in our test environment with free splunk installation binary. All the splunk instance will be configured in VM environment and these instance will be used only for testing up gradation of splunk environment.
Kindly let me know whether it can be implemented using Enterprise splunk free installation setup or do we need to buy a splunk license.
No you have to use your license, also for test environment, connecting your test Indexers to the License Master Server.
You can use free license only to perform some tests but remember the limits of a free license (see https://www.splunk.com/en_us/products/splunk-enterprise/free-vs-enterprise.html).
Or, if you don't have to modify log indexing (props.conf and transforms.conf), but you have only to develop apps (dashboards, alerts and reports), you could use your test search heads for your developments accessing the production Indexers, but with a little attention because you improve the load on the servers.
thanks Cusello, Actually we are planning to upgrade our distributed shared search head pooling from 6.0.3 to 6.2.1 and we do not have any test environment to preform this activity, so our intension is to do this upgrade activity in test before implementing to prod environment. Kindly guide me whether we need to have license to do this. thanks in advance.
To verify the full functionality of your apps you can use a single search head.
Instead to test the upgrade procedure, you could also use Three Virtual machines that use your indexers as search peers, and after plan a migration.
It's just released version 6.5, try it because has new improved functionalities.
thanks Cusello for your quick response on my doubts. As guided we want to install three splunk instance separately in to three VM machine and configure the same apps that are running in the production environment and check their functionalities. But what about the shared search head pooling instance do we need to configure this in VM machine to replicate the prod environment is this is necessary for performing upgrade test. Kindly guide me on this thanks in advance.
Below are the Shared search pooling setup Prod Environment details
we have two search head, Search job scheduler instance, three indexer are communicating with shared search head pooling instance running separate machine.
Note : All the splunk instance are running with 6.2.1 version and only two search head is running in 6.0.3 version, so first we need to make all our instance to run with same version.