Installation

Splunk install as 2 tier architecture

przemyslawpiest
New Member

I would like to know whether it is possible to install Splunk in a two-tier architecture. One server should store all the logs (probably the indexer), the other one should just search through these logs and display them to the client (search head). Are there any instructions on how to install Splunk in such an architecture? One important factor: logs cannot be stored persistently in any way on the presentation server - this is our security requirement.

0 Karma

richgalloway
SplunkTrust

Not only is a two-tier architecture possible, it's recommended for all but the smallest installations. See http://docs.splunk.com/Documentation/Splunk/6.5.2/Deploy/Distributedoverview

---
If this reply helps you, Karma would be appreciated.
0 Karma

przemyslawpiest
New Member

If I understand correctly, we then need 2 heavy forwarders installed and properly configured so that one will be an indexer, the other a search head. Am I right? Is there any documentation on how to configure this in such a way?

0 Karma

richgalloway
SplunkTrust

You don't need any heavy forwarders. Install 2 separate instances of Splunk Enterprise. One will be the search head (SH) and license master; the other will be the indexer. Configure the indexer as a license slave pointing to the SH. On the SH, configure distributed search using the indexer as a search peer.

Relevant documentation is a bit scattered, but start with the Distributed Search manual at http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/Whatisdistributedsearch

---
If this reply helps you, Karma would be appreciated.
0 Karma
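The two-instance setup from the answer above, sketched as configuration files. This is an added example, not part of the original thread; the hostnames and the group name `primary_indexers` are placeholders, 9997 is the conventional receiving port and 8089 the default management port. The `outputs.conf` part goes beyond the answer: it makes the search head forward its own internal logs and summary data to the indexer instead of indexing them locally, which is what the no-persistence requirement in the question calls for.

```ini
# --- Indexer: $SPLUNK_HOME/etc/system/local/inputs.conf ---
# Listen for forwarded data (from the search head and any forwarders).
[splunktcp://9997]
disabled = 0

# --- Indexer: $SPLUNK_HOME/etc/system/local/server.conf ---
# License slave pointing at the search head, which acts as license master.
# Placeholder hostname.
[license]
master_uri = https://sh.example.internal:8089

# --- Search head: $SPLUNK_HOME/etc/system/local/outputs.conf ---
# Turn off local indexing on the search head.
[indexAndForward]
index = false

# Forward everything, including internal indexes, to the indexer tier.
[tcpout]
defaultGroup = primary_indexers
forwardedindex.filter.disable = true
indexAndForward = false

# Placeholder hostname for the single indexer.
[tcpout:primary_indexers]
server = indexer.example.internal:9997
```

The search peer itself is best added on the search head through Splunk Web or `splunk add search-server` rather than by hand-editing `distsearch.conf`, because that path also handles the authentication key exchange. Search result artifacts are still written temporarily under `$SPLUNK_HOME/var/run/splunk/dispatch` on the search head, so check that directory against the no-persistence requirement.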