Getting Data In

Is it possible to simulate a splunk deployment on a single windows or linux machine, using virtual machines?

stephane_cyrill
Builder

Hi everyone,

I want to do something like a simulation of a deployment on my windows machine.
I don't know if it is possible to install many virtual machines (using tools like Virtual box) and install splunk instances (search head,indexers,forwarder, ...) on them and finally configure that to work like a real deployment.

My goal is to find a way to simulate things to do some Lab testing.

Is there already a tool that can help for some splunk simulations? I'm talking of something like Packet Tracer i computer network.

thanks for any ideas

0 Karma
1 Solution

Lucas_K
Motivator

Just do multiple installs and use different web, management, forwarding and receiving ports.

The most i've had on a single box was an index cluster (4 member) and search head cluster (4 member), 1, uf, 1 deployment server, 1 deployer and 1 cluster master. Make sure you set your home paths for each install in /etc/splunk-launch.conf.

ps: These were linux installs so the windows one will need different install paths I assume if your using the msi.

View solution in original post

fdi01
Motivator

first do differents installs and for configuration.
Please refer to below site for the use cases for VMware environment - http://docs.splunk.com/Documentation/VMW/3.1.4/User/Commonusecases

You can also receive logs from ESX host using syslog.
http://docs.splunk.com/Documentation/VMW/3.1.4/Installation/CollectlogdatafromESXihosts.

Lucas_K
Motivator

Just do multiple installs and use different web, management, forwarding and receiving ports.

The most i've had on a single box was an index cluster (4 member) and search head cluster (4 member), 1, uf, 1 deployment server, 1 deployer and 1 cluster master. Make sure you set your home paths for each install in /etc/splunk-launch.conf.

ps: These were linux installs so the windows one will need different install paths I assume if your using the msi.

stephane_cyrill
Builder

Thanks Lucas K,
happy to know that you have already done that. I will like to have your email address so that I can get you for more questions. Here is mine: cyrilleko@gmail.com

0 Karma

stephane_cyrill
Builder

Can I have more details about the prerequisite characteristic of the computer on which I want to deploy?

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...