Deployment Architecture

Splunk free - setting up a distributed environement (Search Head, 1 IDX, 1 UF, maybe a deployment server)

spluzer
Communicator

Hey Splunksters,

My work environment is switching from Windows (large distributed enviro) to Linux pretty soon.

I'd like to get familiar with architecting in Linux so I had a couple of questions:

I'm wondering if I can simply spin up 3-5 aws linux vm's and use the free version of splunk to get familiar with the process of creating a distributed enviro (assigning a search head, 1 idx, maybe couple of forwarders and a deployment server using the free splunk??? 

Or, is the free splunk Enterprise only good for 1 download on 1 machine ??

Thanks!


Labels (1)
0 Karma
1 Solution

harsmarvania57
Ultra Champion

Hi,

 

Yes you can setup multiple VMs for different Splunk role with Splunk Entrprise (which has 500MB license for 60 days).

View solution in original post

0 Karma

harsmarvania57
Ultra Champion

Hi,

 

Yes you can setup multiple VMs for different Splunk role with Splunk Entrprise (which has 500MB license for 60 days).

0 Karma

isoutamo
SplunkTrust
SplunkTrust
But you cannot use separate LM. Use local trial licenses in all nodes.
0 Karma

ragedsparrow
Contributor

Greetings,

Splunk Free is only available for a single, stand-alone instance.  You will be unable to build a distributed environment with a Splunk Free license.

0 Karma

ragedsparrow
Contributor

However, as previously mentioned, you could use the Splunk Enterprise Trial license to do what  you're wanting.

0 Karma
Get Updates on the Splunk Community!

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

[Coming Soon] Splunk Observability Cloud - Enhanced navigation with a modern look and ...

We are excited to introduce our enhanced UI that brings together AppDynamics and Splunk Observability. This is ...