Installation

Forwarder installs for Linux and Windows

rodneymitch80
Explorer

Hello All,

I'm a Splunk newbie and i have 3 questions.

In our newly Splunk Deployment we have a Search Head, 1 Deployment Server, 2 Indexers, and 2 forwarders and we are set up in a Distributed environment.

Question #1 - Is there a streamlined way or quicker way to setup each server using CLI on both linux and windows. 

Question #2 - Do you never need to install apps or add-ons on every server to get all splunk deployment to work?

Question #3 - How would i know what add-ons and apps i would need that are important to our deployment?

This is a project of mine and time is a factor. Please assist. 

Thanks,

RPM

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

The Monitoring Console (MC) can be used to verify everything is working in your environment.  This is a centralized dashboard that watches over each of your Splunk instances.  It's probably best configured (it's installed on all Splunk servers) on the Deployment Server.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

Answer #1 - The documented way is pretty quick.  What is it you feel needs to be streamlined?

Answer #2 - Yes, sometimes an app or add-on needs to be installed on all instance types.

Answer #3 - Only you know what is important to you and your environment.  Tell us what is important to you and we can suggest some apps.  In the meantime, check out this .conf talk for some suggestions: 10 Must-Have Apps and Why You Are Crazy Not to Use Them! (https://static.rainfocus.com/splunk/splunkconf18/sess/1520969498776001bolS/finalPDF/FN1072_10MustHav...)

---
If this reply helps you, Karma would be appreciated.

rodneymitch80
Explorer

@richgalloway  Thanks for your prompt response. It is truly appreciated.

Yea you are right. I meant, Is there documentation on just simple setup for distributed environment? or Is it best to just read all splunk documentation from the very beginning(i.e. Admin Guide, etc)? It's alot of documentation out there that i didn't know where to start from. 

When installing the apps and addons, do they need to be installed on all instances or just the search head only? (i.e Splunk Add-on for Unix and Linux, Splunk Add-on for Microsoft Windows,  Splunk Add-on for Apache Web Server, IT Essentials Work, ITSI, *Nix app, Qmolos, etc. 

Right now what's important now is just getting the search head, indexers, forwarders and deployment server to communicate with each other. According to my management, they want to see just logs only for right now in our small splunk deployment before getting deeper. 

How do i test my whole deployment and see if everything is working and communicating? How to search the heirarchy on the search head?

 

 

 

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Well, as with anything a bit more complicated than a hammer and a nail it's always the documentation which is great but needs time and there's the experience and good practices which makes thing quicl but needs time to get. Sorry, there's no real way around it. You either need to learn it (by experience/community/trainings) or pay someone to do your project quicker.

rodneymitch80
Explorer

@PickleRick You're right! I'll just start from the beginning again and plow through it. Thanks again

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The Monitoring Console (MC) can be used to verify everything is working in your environment.  This is a centralized dashboard that watches over each of your Splunk instances.  It's probably best configured (it's installed on all Splunk servers) on the Deployment Server.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...