Deployment Architecture

using an F5 LTM in front of a search head pool

Communicator

Has anyone setup an F5 LTM in front of their search head pool? how did you get this to work? I've tried a couple of different persistence profiles with no success.

1 Solution

Communicator

Turns out this is not as complicated as I had made it. My major hurdle was that I had SSL enabled for splunk web on the searchheads and to properly support that i had to configure the LTM to handle the SSL encryption between the LTM and the splunk searchhead server.

I created two vips, one for port 80 and one for port 443. For the port 80 vip i had to apply the SSL server profile. I just used the built in one named 'serverssl'. for the port 443 vip i had to apply a client SSL profile (that I created with a self signed certificate) and also apply the 'serverssl' server side SSL profile.

For persistence I applied the 'session_cookie_insert' as the default persistence profile.

View solution in original post

Communicator

Turns out this is not as complicated as I had made it. My major hurdle was that I had SSL enabled for splunk web on the searchheads and to properly support that i had to configure the LTM to handle the SSL encryption between the LTM and the splunk searchhead server.

I created two vips, one for port 80 and one for port 443. For the port 80 vip i had to apply the SSL server profile. I just used the built in one named 'serverssl'. for the port 443 vip i had to apply a client SSL profile (that I created with a self signed certificate) and also apply the 'serverssl' server side SSL profile.

For persistence I applied the 'session_cookie_insert' as the default persistence profile.

View solution in original post

State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!