Hi guys!
How do I set up Splunk in an architecture of 01 heavy forwarder, 01 search head and 01 indexer?
I need to collect Windows events, firewalls and Cisco routers in an environment with 01 heavy forwarder, 01 search head and 01 indexer.
What would the configuration of each be?
Please help.
Sounds like the "Departmental deployment: Single indexer" topology in the Distributed Deployment Manual.
All you need to know about installing Splunk: http://docs.splunk.com/Documentation/Splunk/6.4.0/Installation/Whatsinthismanual
All you need to know about forwarding data: http://docs.splunk.com/Documentation/Splunk/6.4.0/Forwarding/Aboutforwardingandreceivingdata
All you need to know about distributed search: http://docs.splunk.com/Documentation/Splunk/6.4.0/DistSearch/Whatisdistributedsearch