We need to install Splunk Enterprise in one Windows machine (server) , which can read all the logs files ( generated inside in machine itself in directory). Many other Windows OS users (clients) with different Splunk account need to be able to access/analyze those logs from his own machine and create their own dashboards as well. The user's(clients) machine doesn't have Splunk enterprise.
So how we can do that? What are the process that server creates instances for many other users and user can access the logs from server machine.
That’s my question. I have searched a lot, but have not been able to find the relevant answer. Can you please help me with this and provide a path forward.
Thanks,
you need not plan for a distributed splunk deployment..
Rough plan ...
Install splunk indexer(it can monitor its own logs), and splunk universal forwarders on the client machines.
The log files can be ingested and sent to splunk indexer.. and then you can configure splunk search head on a separate server(if high number of clients and users) and then create dashboards/alerts/reports can be created by the splunk users themselves.
this page got lot of documentation about splunk deployment..
http://docs.splunk.com/Documentation/Splunk#tab4
check this document...
http://docs.splunk.com/Documentation/Splunk/7.1.2/Deploy/Singleindexer
hey @dhirendra761,
Did the answer below help you out? If not, go ahead and give us some more info on your problem. Keep those updates coming so that others can help out.
But if that answer is sufficient, please approve it. Also, upvote the users that help you out! Because, well, they are the best.
you need not plan for a distributed splunk deployment..
Rough plan ...
Install splunk indexer(it can monitor its own logs), and splunk universal forwarders on the client machines.
The log files can be ingested and sent to splunk indexer.. and then you can configure splunk search head on a separate server(if high number of clients and users) and then create dashboards/alerts/reports can be created by the splunk users themselves.
this page got lot of documentation about splunk deployment..
http://docs.splunk.com/Documentation/Splunk#tab4
check this document...
http://docs.splunk.com/Documentation/Splunk/7.1.2/Deploy/Singleindexer
Hi...@inventsekar
Thanks for update.
Let me explain again my question with example.
Url of splunk enterprise for my local system is
http://localhost:8000/en-US/app/search/search. (Admin Role)
Then if I create some user roles from setting like user or power, then anyone can access above url from another system by using my ip-address.
For example in this case, the other user can access from different machine(without having spunk enterprise in his system) by http://XX.XXX.XX.XXX:8000/en-US/app/launcher/home (where XX represents my system IP)
But this will work only if we both are in same network.
My question is about what is process if we use different network or global network.
eg. Like I have installed the same thing in india and created a dashboard. Now I want that you can modify my dashboard from your location. then How i will be share my dashboard with you.
In this case of what we have to install in my system? What will be the url i need to use?
Could you please suggest on this again.
Thanks.
Hi @dhirendra761
Regarding ...your question about what is process if we use different network or global network...
as long as there network connectivity, the users can access splunk.
lets assume your project/company has two offices.. India and US.. you installed Splunk on your system at india office.. between india and US, the company will use internets connectivity and with the help of firewalls at both india and US, your company will allow only legit connections.. hope you got it..
yes got it @inventsekar . Thanks man for the anwser. 🙂