Monitoring Splunk
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

installing splunk agent impact on Servers performance.

sabiccsc
New Member
‎11-09-2013 08:42 PM

we are going to deploye splunk in our organizations but before deployement there are some Questions .

1 )if we will install splunk agent on Microsoft windows servers 2003/2008 Domain controllers , DHCP servers , DNS Servers , Application Servers and database servers(what will be the performance issue).

2) what types of privlages required to install splunk agent on all the above servers([domain Admin or services account etc.…])

3) if there will be any issue appeared what will be the roll back plan.

4) what about technical support.

5) Knowledge Base / Lesson learnt / Awareness from previous customers.

6) we already have Bit9 and MANDIANT in residing in DCs and are in production, please explore the possibilities of possible impact due to existing agents etc…

Tags (2)
0 Karma
Reply

rsennett_splunk
Splunk Employee
Splunk Employee
‎11-09-2013 11:53 PM

Splunk doesn't employ an agent.
What you are looking for, is information on the Splunk Universal Forwarder, an unobtrusive "listening" service that forwards data to the indexer or a Splunk Heavy Forwarder which has more features and functions, including the ability to index locally, therefore requires a bit more resource.

You'll want to read through the documentation on the subject, even if your fellow Splunk customers share their stories, it will help to be more familiar with the terminology and function of each component.
Here is a good starting point for a windows installation:
http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/DeployaWindowsdfmanually#Before_you_in...


Your questions regarding credentials are answered there.

You may also want to read the prior sections which discuss the concept of forwarding in general.

Technical Support is available as part of your Enterprise License. You should confirm with your Sales Account Manager as to whether that is included in your license agreement.

In general, performance issues are considered minimal, however benchmarking is recommended so that you understand how much data you are going to be Splunking (what events types exactly,?what is the volume on that particular server,? will you include performance counters also?) you will be best prepared to calculate the impact.

With Splunk... the answer is always "YES!". It just might require more regex than you're prepared for!
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...