Installation

Forwarder installs for Linux and Windows

rodneymitch80
Explorer

Hello All,

I'm a Splunk newbie and i have 3 questions.

In our newly Splunk Deployment we have a Search Head, 1 Deployment Server, 2 Indexers, and 2 forwarders and we are set up in a Distributed environment.

Question #1 - Is there a streamlined way or quicker way to setup each server using CLI on both linux and windows. 

Question #2 - Do you never need to install apps or add-ons on every server to get all splunk deployment to work?

Question #3 - How would i know what add-ons and apps i would need that are important to our deployment?

This is a project of mine and time is a factor. Please assist. 

Thanks,

RPM

Labels (1)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

The Monitoring Console (MC) can be used to verify everything is working in your environment.  This is a centralized dashboard that watches over each of your Splunk instances.  It's probably best configured (it's installed on all Splunk servers) on the Deployment Server.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

Answer #1 - The documented way is pretty quick.  What is it you feel needs to be streamlined?

Answer #2 - Yes, sometimes an app or add-on needs to be installed on all instance types.

Answer #3 - Only you know what is important to you and your environment.  Tell us what is important to you and we can suggest some apps.  In the meantime, check out this .conf talk for some suggestions: 10 Must-Have Apps and Why You Are Crazy Not to Use Them! (https://static.rainfocus.com/splunk/splunkconf18/sess/1520969498776001bolS/finalPDF/FN1072_10MustHav...)

---
If this reply helps you, Karma would be appreciated.

rodneymitch80
Explorer

@richgalloway  Thanks for your prompt response. It is truly appreciated.

Yea you are right. I meant, Is there documentation on just simple setup for distributed environment? or Is it best to just read all splunk documentation from the very beginning(i.e. Admin Guide, etc)? It's alot of documentation out there that i didn't know where to start from. 

When installing the apps and addons, do they need to be installed on all instances or just the search head only? (i.e Splunk Add-on for Unix and Linux, Splunk Add-on for Microsoft Windows,  Splunk Add-on for Apache Web Server, IT Essentials Work, ITSI, *Nix app, Qmolos, etc. 

Right now what's important now is just getting the search head, indexers, forwarders and deployment server to communicate with each other. According to my management, they want to see just logs only for right now in our small splunk deployment before getting deeper. 

How do i test my whole deployment and see if everything is working and communicating? How to search the heirarchy on the search head?

 

 

 

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Well, as with anything a bit more complicated than a hammer and a nail it's always the documentation which is great but needs time and there's the experience and good practices which makes thing quicl but needs time to get. Sorry, there's no real way around it. You either need to learn it (by experience/community/trainings) or pay someone to do your project quicker.

rodneymitch80
Explorer

@PickleRick You're right! I'll just start from the beginning again and plow through it. Thanks again

0 Karma

richgalloway
SplunkTrust
SplunkTrust

The Monitoring Console (MC) can be used to verify everything is working in your environment.  This is a centralized dashboard that watches over each of your Splunk instances.  It's probably best configured (it's installed on all Splunk servers) on the Deployment Server.

---
If this reply helps you, Karma would be appreciated.
Get Updates on the Splunk Community!

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...