Greetings!!!!
Dear All,
I really need your help and guidance.
I want to create a "test environment" that is similar to the live production.
What I want to have in the test environment:
- In my production, I have 7 servers (one for the search head, a second for search head management (Splunk instance), and the other 5 remaining are the indexers), AND I WANT TO HAVE THE SAME IN THE TEST ENVIRONMENT.
I have read the Splunk documentation, but it does not guide me well. I want your help and advice: how do I create this?
So far I have downloaded VirtualBox and CentOS 7.
Kindly help me and guide me: what requirements do I need to have so that I can create this test environment the same as the production one?
- What Splunk Enterprise software will I use, is it the free 60 day or will I have to take a copy of the one I used in production and use it in the test env? I'm lost, kindly help with how I can have this distribution in the environment, what I must have to successfully create this test environment the same as the production one I mentioned above and have ALL those components in the test environment.
Thank you in advance.
1. As Splunk (especially the indexers) is IO-heavy, it's best to install it on bare metal. Having said that - there is no direct recommendation or limitation on virtualization technology if you want to use one anyway, but Splunk needs to be able to pull many IOPS from hardware, so you definitely need paravirtualized drivers. I haven't used VirtualBox for a few years now so can't tell you how it fares performance-wise.
2. CentOS is a relatively good choice. I use CentOS on many of my Splunk machines. Of course you need a relatively modern one. Oh, and in case of the 8th edition, you might switch to Rocky Linux instead of CentOS.
A testing environment usually doesn't need to be as performant as the production one - you most often don't do stress-tests there, just testing functionality before moving to production, so it's usually a bit scaled down (for example 3 smaller indexers instead of 5 huge ones). But your needs might be different here.
3. The installation package is the same. It's just that after you install the software it automatically starts with a Trial License. If you don't apply a commercial/testing/dev/nfr/whatever-else-there-is license or don't connect it to a License Master, after 60 days the installation switches to Free License mode (from which you can switch it back to full functionality by applying a proper license).
4. Well, installing a distributed environment (or a clustered one) is not an easy task. Luckily, we're talking about a testing installation so you can scrap it and start from scratch if anything goes wrong. There is much reading ahead of you. Start with https://docs.splunk.com/Documentation/Splunk/8.2.4/Deploy/Distributedoverview
The free license, apart from the data size limitation, has only a limited subset of functionality (no users/auth, no scheduled searches, no datamodel acceleration, no clustering, no forwarder management).
The trial license will work for 60 days only and even though it might technically work as a distributed environment, it's meant for a single server deployment. And it's a trial license so the purpose is for the customer to try and see whether he likes the Splunk solution or not. Setting up a testing environment using this license is not exactly fulfilling its condition.
To set up a separate testing environment you should either get a separate testing license (there is a possibility to obtain a testing license for active customers) or set up a testing environment, attach it to the licensing master and allocate a part of your main license to the testing environment.
Thank you, dear @PickleRick, for your quick response about this matter.
I would also need to know the list of things/requirements I will have to implement for this TEST environment to work the same as the production one.
1- Which VM will I use? Will VirtualBox work?
2- For the OS, do I choose CentOS as the one I use in production? Am I going to install another CentOS for each component (5 indexers, 1 SH, 1 management node) to match the number of components in production? OR will I use one?
3- About the Splunk Enterprise software, am I going to use this one, the free 60-day trial download (https://www.splunk.com/en_us/download/splunk-enterprise.html), OR will I use the one I used in production?
4- What about the indexers and how will I install and configure them, is there any related link or other guidance so that it can meet the production?
5- Kindly help me with the list of things I need to have in the test environment to meet the production, and what to do next?
Thank you in advance.