Deployment Architecture

What are the main risks one should consider when deploying Splunk?


Basically what to look out for when deploying splunk in all areas, resolved and unresolved issues


0 Karma

Path Finder

I would also like to add that take the time to size Splunk and make the effort to try and understand your data and what indexes you will need.

Doing this up front and now will pay off in the long run with a well oiled Splunk installation.

0 Karma


This is really more of a discussion topic than an actual question. Definitely something more suited to the IRC channel!
That said however, I will provide some URL's to Docu/Wiki pages that help to build a bigger picture. It should be stressed that deployments can vary massively and its quite hard to cover all bases before going in. Not to mention if you are after system specific issues it needs to be remembered that Splunk operates across alot of different network / hardware configurations and it's unlikely that you'll get a coherent response that is useful to yourself.

Different parts of a deployment;

Some best practices and good links to other resources;

How much space do you need?

Following on from above, Licensing;

Again from above, hardware capacity;

Considerations for deployment data inputs;

Backup Policy;

Data retention policy;

Do you need a hardened install? (Security requirements)

That said, the floor is obviously open to anyone with some good issues 🙂

Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...