Deployment Architecture
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

i am new to the distributed splunk environment. suppose if i want to install a add-on which collects data from the proofpoint where would i intsall it in the heavy forwarder or in the search head

Nadhiya_Dubai
Explorer
‎06-12-2018 02:00 AM

where to install the TAP modular input in the distributed splunk environment . i have 4 heavy forwarders .How will i choose which heavy forwarder is the right place to install

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kmorris_splunk
Splunk Employee
Splunk Employee
‎06-12-2018 10:26 AM

The best practice would be to run it on a heavy forwarder. Generally, you don't want to use Search Heads for data collection.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Nadhiya_Dubai
Explorer
‎06-17-2018 10:45 PM

when to configure the inputs ?? after pushing to the hf

0 Karma
Reply
Solved! Jump to solution

Nadhiya_Dubai
Explorer
‎06-13-2018 12:35 AM

i have a utility server with me where i had to copy the app conf files from splunk search head where my modular input app is installed

0 Karma
Reply
Solved! Jump to solution

ranjitbrhm1
Communicator
‎06-12-2018 11:14 PM

Apps are basically just conf files that you can put on the splunk server and you give splunk service a restart they will start working. So what i would have done in this setup is if you dont have a third party tool like sccm or scripts to push out your apps and you only have 4 HF and 1 SH you point all the HF to your SH first using the following command. 

/opt/splunk/bin/splunk set deploy-poll "your SH IP address":8089

once that is done all you have to do is add the app on to your /opt/splunk/etc/deploymentapps folder and then create a server class and push them off to the HF. that way you can manage your apps better.

Of course i havent done it with your specific app but the concept remains the same. You can test it out with 1 server first and then try pushing it off to other servers

0 Karma
Reply
Solved! Jump to solution

Nadhiya_Dubai
Explorer
‎06-12-2018 10:51 PM

so to start with , is it advisable to directly install on the heavy forwarder or to install the app in the utility server . Later push the app to the heavy forwarder ?

0 Karma
Reply
Solved! Jump to solution
Solution

kmorris_splunk
Splunk Employee
Splunk Employee
‎06-12-2018 10:26 AM

The best practice would be to run it on a heavy forwarder. Generally, you don't want to use Search Heads for data collection.

0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...