Deployment Architecture
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

What are the main risks one should consider when deploying Splunk?

Dark_Ichigo
Builder
‎10-23-2011 06:59 PM

Basically what to look out for when deploying splunk in all areas, resolved and unresolved issues

Thanks

0 Karma
Reply

kdenton
Path Finder
‎10-26-2011 08:09 AM

I would also like to add that take the time to size Splunk and make the effort to try and understand your data and what indexes you will need.

Doing this up front and now will pay off in the long run with a well oiled Splunk installation.

0 Karma
Reply

Drainy
Champion
‎10-24-2011 01:40 AM

This is really more of a discussion topic than an actual question. Definitely something more suited to the IRC channel!
That said however, I will provide some URL's to Docu/Wiki pages that help to build a bigger picture. It should be stressed that deployments can vary massively and its quite hard to cover all bases before going in. Not to mention if you are after system specific issues it needs to be remembered that Splunk operates across alot of different network / hardware configurations and it's unlikely that you'll get a coherent response that is useful to yourself.

Different parts of a deployment;
http://docs.splunk.com/Documentation/Splunk/latest/Installation/ComponentsofaSplunkdeployment

Some best practices and good links to other resources;
http://www.splunk.com/wiki/Deploy

How much space do you need?
http://docs.splunk.com/Documentation/Splunk/latest/Installation/HowHowmuchspaceyouwillneed

Following on from above, Licensing;
http://docs.splunk.com/Documentation/Splunk/latest/Admin/HowSplunklicensingworks

Again from above, hardware capacity;
http://docs.splunk.com/Documentation/Splunk/latest/Installation/CapacityplanningforalargerSplunkdepl...

Considerations for deployment data inputs;
http://www.splunk.com/wiki/Community:Deployment_Considerations

Backup Policy;
http://docs.splunk.com/Documentation/Splunk/latest/Admin/Whatyoucanbackup

Data retention policy;
http://docs.splunk.com/Documentation/Splunk/latest/Admin/Setaretirementandarchivingpolicy

Do you need a hardened install? (Security requirements)
http://www.splunk.com/wiki/Community:DeployHardenedSplunk

That said, the floor is obviously open to anyone with some good issues 🙂

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...