Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Forwarder installs for Linux and Windows

rodneymitch80
Explorer
‎02-16-2023 08:35 AM

Hello All,

I'm a Splunk newbie and i have 3 questions.

In our newly Splunk Deployment we have a Search Head, 1 Deployment Server, 2 Indexers, and 2 forwarders and we are set up in a Distributed environment.

Question #1 - Is there a streamlined way or quicker way to setup each server using CLI on both linux and windows. 

Question #2 - Do you never need to install apps or add-ons on every server to get all splunk deployment to work?

Question #3 - How would i know what add-ons and apps i would need that are important to our deployment?

This is a project of mine and time is a factor. Please assist. 

Thanks,

RPM

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-24-2023 06:35 AM

The Monitoring Console (MC) can be used to verify everything is working in your environment.  This is a centralized dashboard that watches over each of your Splunk instances.  It's probably best configured (it's installed on all Splunk servers) on the Deployment Server.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎02-17-2023 06:01 AM

Answer #1 - The documented way is pretty quick.  What is it you feel needs to be streamlined?

Answer #2 - Yes, sometimes an app or add-on needs to be installed on all instance types.

Answer #3 - Only you know what is important to you and your environment.  Tell us what is important to you and we can suggest some apps.  In the meantime, check out this .conf talk for some suggestions: 10 Must-Have Apps and Why You Are Crazy Not to Use Them! (https://static.rainfocus.com/splunk/splunkconf18/sess/1520969498776001bolS/finalPDF/FN1072_10MustHav...)

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

rodneymitch80
Explorer
‎02-17-2023 09:15 AM

@richgalloway  Thanks for your prompt response. It is truly appreciated.

Yea you are right. I meant, Is there documentation on just simple setup for distributed environment? or Is it best to just read all splunk documentation from the very beginning(i.e. Admin Guide, etc)? It's alot of documentation out there that i didn't know where to start from. 

When installing the apps and addons, do they need to be installed on all instances or just the search head only? (i.e Splunk Add-on for Unix and Linux, Splunk Add-on for Microsoft Windows,  Splunk Add-on for Apache Web Server, IT Essentials Work, ITSI, *Nix app, Qmolos, etc. 

Right now what's important now is just getting the search head, indexers, forwarders and deployment server to communicate with each other. According to my management, they want to see just logs only for right now in our small splunk deployment before getting deeper. 

How do i test my whole deployment and see if everything is working and communicating? How to search the heirarchy on the search head?

 

 

 

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎02-24-2023 07:39 AM

Well, as with anything a bit more complicated than a hammer and a nail it's always the documentation which is great but needs time and there's the experience and good practices which makes thing quicl but needs time to get. Sorry, there's no real way around it. You either need to learn it (by experience/community/trainings) or pay someone to do your project quicker.

Reply
Solved! Jump to solution

rodneymitch80
Explorer
‎02-25-2023 01:44 PM

@PickleRick You're right! I'll just start from the beginning again and plow through it. Thanks again

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎02-24-2023 06:35 AM

The Monitoring Console (MC) can be used to verify everything is working in your environment.  This is a centralized dashboard that watches over each of your Splunk instances.  It's probably best configured (it's installed on all Splunk servers) on the Deployment Server.

---
If this reply helps you, Karma would be appreciated.
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...