Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk install as 2 tier architecture

przemyslawpiest
New Member
‎03-02-2017 01:04 AM

I would like to know is it possible to install splunk in two tier architecture. One server shoudl store all the logs (probably indexer), the other one should just search through these logs and display them to the client (search head). Is there any instruction how to install splunk in such architecture? One important factor: logs cannot be stored persistently in any way on presentation server - this is our security requirements.

Tags (1)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-02-2017 04:50 AM

Not only is a two-tier architecture possible, it's recommended for all but the smallest installations. See http://docs.splunk.com/Documentation/Splunk/6.5.2/Deploy/Distributedoverview

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

przemyslawpiest
New Member
‎03-02-2017 04:57 AM

If I understand right we need than 2 heavy forwarders installed and properly configure them sa one will be an indexer, the other search head. Am i right? Is there any documentation on how to configure this in such way?

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎03-02-2017 05:45 AM

You don't need any heavy forwarders. Install 2 separate instances of Splunk Enterprise. One will be the search head (SH) and license master; the other will be the indexer. Configure the indexer as a license slave pointing to the SH. On the SH, configure distributed search using the indexer as a search peer.

Relevant documentation is a bit scattered, but start with the Distributed Search manual at http://docs.splunk.com/Documentation/Splunk/6.5.2/DistSearch/Whatisdistributedsearch

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...