Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Development Environment (Best Practices)

balbano
Contributor
‎03-06-2012 10:53 AM

Hey Guys,

Trying to brainstorm on ways to create a development environment for my production splunk instance.

I'm not too fluent on transforming non-native log data and would first like to test my work out in a development instance of splunk. (using free license).

Just curious to see how you guys out there are doing it.

I just want to make sure the data is clean and presentable before getting applied to my production indexers.

Furthermore curious on how you guys out there are managing your LF between development and production.

Any feedback is always much appreciated.

Sorry if this sounds a little vague but the questions is pretty open ended and just looking for ideas.

Thanks.

Brian

Reply

Brian_Osburn
Builder
‎03-06-2012 12:08 PM

This may not be best practice, but this is what I do:

I have a Linux machine I use as my dev environment, but it shouldn't matter if it's windows or vmware, etc..

I set up my dev environment to use the same license master as my prod environment (I have plenty of room to grow and waste space if necessary).

I also set up my prod indexers as search peers to my dev indexer: that way if I'm developing a view or searches I can access the events in production without actually adding the views or searches to production yet.

If the logs aren't already being indexed by my production instance, I usually point it to an index on my dev box and play with the data before unleashing into my production environment.

You could even set up a seperate deployment server for your dev environment, or use yoru production one as well.

This is just a few things I do..I'm sure there's others out there who have more ideas..

Reply

slierninja
Communicator
‎11-30-2012 12:53 PM

Search Peers works great - just make sure you have an enterprise license (this won't work with free version)

0 Karma
Reply

lguinn2
Legend
‎03-06-2012 02:42 PM

I especially like the search peers idea - I hadn't thought of that!

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...