Monitoring Splunk

installing splunk agent impact on Servers performance.

sabiccsc
New Member

we are going to deploye splunk in our organizations but before deployement there are some Questions .

1 )if we will install splunk agent on Microsoft windows servers 2003/2008 Domain controllers , DHCP servers , DNS Servers , Application Servers and database servers(what will be the performance issue).

2) what types of privlages required to install splunk agent on all the above servers([domain Admin or services account etc.…])

3) if there will be any issue appeared what will be the roll back plan.

4) what about technical support.

5) Knowledge Base / Lesson learnt / Awareness from previous customers.

6) we already have Bit9 and MANDIANT in residing in DCs and are in production, please explore the possibilities of possible impact due to existing agents etc…

Tags (2)
0 Karma

rsennett_splunk
Splunk Employee
Splunk Employee

Splunk doesn't employ an agent.
What you are looking for, is information on the Splunk Universal Forwarder, an unobtrusive "listening" service that forwards data to the indexer or a Splunk Heavy Forwarder which has more features and functions, including the ability to index locally, therefore requires a bit more resource.

You'll want to read through the documentation on the subject, even if your fellow Splunk customers share their stories, it will help to be more familiar with the terminology and function of each component.
Here is a good starting point for a windows installation:
http://docs.splunk.com/Documentation/Splunk/latest/Forwarding/DeployaWindowsdfmanually#Before_you_in...


Your questions regarding credentials are answered there.

You may also want to read the prior sections which discuss the concept of forwarding in general.

Technical Support is available as part of your Enterprise License. You should confirm with your Sales Account Manager as to whether that is included in your license agreement.

In general, performance issues are considered minimal, however benchmarking is recommended so that you understand how much data you are going to be Splunking (what events types exactly,?what is the volume on that particular server,? will you include performance counters also?) you will be best prepared to calculate the impact.

With Splunk... the answer is always "YES!". It just might require more regex than you're prepared for!
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...