Installation

Splunk install as 2 tier architecture

przemyslawpiest
New Member

I would like to know is it possible to install splunk in two tier architecture. One server shoudl store all the logs (probably indexer), the other one should just search through these logs and display them to the client (search head). Is there any instruction how to install splunk in such architecture? One important factor: logs cannot be stored persistently in any way on presentation server - this is our security requirements.

Tags (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

Not only is a two-tier architecture possible, it's recommended for all but the smallest installations. See http://docs.splunk.com/Documentation/Splunk/6.5.2/Deploy/Distributedoverview

---
If this reply helps you, Karma would be appreciated.
0 Karma

przemyslawpiest
New Member

If I understand right we need than 2 heavy forwarders installed and properly configure them sa one will be an indexer, the other search head. Am i right? Is there any documentation on how to configure this in such way?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

You don't need any heavy forwarders. Install 2 separate instances of Splunk Enterprise. One will be the search head (SH) and license master; the other will be the indexer. Configure the indexer as a license slave pointing to the SH. On the SH, configure distributed search using the indexer as a search peer.

Relevant documentation is a bit scattered, but start with the Distributed Search manual at http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/Whatisdistributedsearch

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...